https://community.checkpoint.com/t5/General-Topics/DNS-traffic-is-not-passing-through-firewall/m-p/95883#M18879 <P>Hi <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/20795">@Harish_Sankaran</a>,</P> <P>use the following cli commands<BR /><FONT color="#FF00FF">fw ctl zdebug drop | grep </FONT><STRONG><FONT color="#000000">&lt;source IP&gt;</FONT><BR /></STRONG>or<BR /><FONT color="#FF00FF">fw monitor -e "accept( host=<STRONG>&lt;source IP&gt;</STRONG>);"</FONT><BR />to debug the traffic flow.</P> <P>More to "fw monitor" could you found here:<BR /><A class="jive-link-wiki-small" href="https://community.checkpoint.com/docs/DOC-3475-r8020-update-cheat-sheet-fw-monitor" target="_blank" rel="noopener" data-containerid="2057" data-containertype="14" data-objectid="3475" data-objecttype="102">R80.x - cheat sheet - fw monitor</A></P> <P>&nbsp;</P> Wed, 02 Sep 2020 19:15:36 GMT HeikoAnkenbrand 2020-09-02T19:15:36Z https://community.checkpoint.com/t5/General-Topics/DNS-traffic-is-not-passing-through-firewall/m-p/95818#M18865 <P>Hi Folks,</P><P>&nbsp;</P><P>We are trying to do nslook-up from out side through URL.We want see the traffic from the URL.</P><P>a)Any end user NSLOOKUP request coming from internet hitting website,&nbsp; It does not show logs in Firewall. Hence we are not able to detect connections as well as source IP address. We need detailed logs indicating NSLOOKUP request flow as well as Source IP details.</P><P>b)Is there any mode in Firewall for detailed log analysis. Currently limited logs are visible which may not be enough for any forensics if required.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 02 Sep 2020 07:44:46 GMT https://community.checkpoint.com/t5/General-Topics/DNS-traffic-is-not-passing-through-firewall/m-p/95818#M18865 Harish_Sankaran 2020-09-02T07:44:46Z https://community.checkpoint.com/t5/General-Topics/DNS-traffic-is-not-passing-through-firewall/m-p/95883#M18879 <P>Hi <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/20795">@Harish_Sankaran</a>,</P> <P>use the following cli commands<BR /><FONT color="#FF00FF">fw ctl zdebug drop | grep </FONT><STRONG><FONT color="#000000">&lt;source IP&gt;</FONT><BR /></STRONG>or<BR /><FONT color="#FF00FF">fw monitor -e "accept( host=<STRONG>&lt;source IP&gt;</STRONG>);"</FONT><BR />to debug the traffic flow.</P> <P>More to "fw monitor" could you found here:<BR /><A class="jive-link-wiki-small" href="https://community.checkpoint.com/docs/DOC-3475-r8020-update-cheat-sheet-fw-monitor" target="_blank" rel="noopener" data-containerid="2057" data-containertype="14" data-objectid="3475" data-objecttype="102">R80.x - cheat sheet - fw monitor</A></P> <P>&nbsp;</P> Wed, 02 Sep 2020 19:15:36 GMT https://community.checkpoint.com/t5/General-Topics/DNS-traffic-is-not-passing-through-firewall/m-p/95883#M18879 HeikoAnkenbrand 2020-09-02T19:15:36Z https://community.checkpoint.com/t5/General-Topics/DNS-traffic-is-not-passing-through-firewall/m-p/95888#M18880 <P>I don't really see what you are trying to identify here. When I use nslookup to resolve a URL like:</P> <P>nslookup <A href="http://www.google.com" target="_blank">www.google.com</A></P> <P>all that will happen is that my machine will contact the configured DNS server and ask the question at which IP I can reach <A href="http://www.google.com," target="_blank">www.google.com,</A>&nbsp;nslookup will not send any packet to <A href="http://www.google.com" target="_blank">www.google.com</A>&nbsp;itself.</P> <P>Extended logging can be set by enabling accounting.</P> Wed, 02 Sep 2020 21:14:23 GMT https://community.checkpoint.com/t5/General-Topics/DNS-traffic-is-not-passing-through-firewall/m-p/95888#M18880 Maarten_Sjouw 2020-09-02T21:14:23Z