https://community.checkpoint.com/t5/General-Topics/Network-Objects-and-DNS/m-p/220963#M36814 <P>Hello and Good afternoon,</P><P>&nbsp;</P><P>I'm currently managing a cluster of two 6000 series Appliances and a number of 1575 Gateways that are connected to the main 6000 appliances with an IPsec VPN.</P><P>At the moment the remote locations are reliant on the DHCP and DNS servers in our headquarters. We want to change this so that the remote office is independent when the IPsec VPN fails. This means&nbsp;<SPAN>DHCP must be done on the remote firewall for each VLAN and something must be done about DNS.</SPAN></P><P>Moving DHCP to the Firewall is not a problem. divide the scopes between the two firewalls and go! Works...</P><P>At the moment we have one location where we have a delegated DNS instance in our central DNS servers. We defined the DNS suffix in the firewall as location-1.company.local.</P><P>Only when I register an Access Point on the locations firewall as a network object, can I ping it from headquarters. What I want to reach is that devices will register themselves in the DNS on the firewall so they become network objects. One can imagine that registering devices manually is not a job anyone would want to do. All those laptops......Also when I travel to that location I would have to register my device in the network objects db so I can be pinged/found by my hostname. This is not done....<BR /><BR />The question is, how do I make this work automatically? How do I make sure:</P><UL><LI>Devices get an IP from their local FW? ---done---</LI><LI>Devices register themselves in the firewalls DNS database?</LI><LI>When the IPsec fails, the DNS requests should be forwarded to a public DNS server by the firewall.</LI></UL><P>so far my explanation....If there are questions let me know. My first message here and not super experienced with CheckPoint.</P><P>&nbsp;</P> Tue, 16 Jul 2024 13:35:32 GMT demirdag 2024-07-16T13:35:32Z https://community.checkpoint.com/t5/General-Topics/Network-Objects-and-DNS/m-p/220963#M36814 <P>Hello and Good afternoon,</P><P>&nbsp;</P><P>I'm currently managing a cluster of two 6000 series Appliances and a number of 1575 Gateways that are connected to the main 6000 appliances with an IPsec VPN.</P><P>At the moment the remote locations are reliant on the DHCP and DNS servers in our headquarters. We want to change this so that the remote office is independent when the IPsec VPN fails. This means&nbsp;<SPAN>DHCP must be done on the remote firewall for each VLAN and something must be done about DNS.</SPAN></P><P>Moving DHCP to the Firewall is not a problem. divide the scopes between the two firewalls and go! Works...</P><P>At the moment we have one location where we have a delegated DNS instance in our central DNS servers. We defined the DNS suffix in the firewall as location-1.company.local.</P><P>Only when I register an Access Point on the locations firewall as a network object, can I ping it from headquarters. What I want to reach is that devices will register themselves in the DNS on the firewall so they become network objects. One can imagine that registering devices manually is not a job anyone would want to do. All those laptops......Also when I travel to that location I would have to register my device in the network objects db so I can be pinged/found by my hostname. This is not done....<BR /><BR />The question is, how do I make this work automatically? How do I make sure:</P><UL><LI>Devices get an IP from their local FW? ---done---</LI><LI>Devices register themselves in the firewalls DNS database?</LI><LI>When the IPsec fails, the DNS requests should be forwarded to a public DNS server by the firewall.</LI></UL><P>so far my explanation....If there are questions let me know. My first message here and not super experienced with CheckPoint.</P><P>&nbsp;</P> Tue, 16 Jul 2024 13:35:32 GMT https://community.checkpoint.com/t5/General-Topics/Network-Objects-and-DNS/m-p/220963#M36814 demirdag 2024-07-16T13:35:32Z https://community.checkpoint.com/t5/General-Topics/Network-Objects-and-DNS/m-p/221287#M36900 <P>Just to clarify: you want a device to register itself to the DNS server inside the 1575?<BR />This may be possible by hacking the <A href="https://thekelleys.org.uk/dnsmasq/doc.html" target="_blank">dnsmasq</A> configuration, with the configuration file in /pfrm2.0/etc/dnsmasq.conf<BR />"When IPsec fails" the only way you can achieve that is by specifying a public DNS as a backup, as far as I know.</P> Thu, 18 Jul 2024 19:05:27 GMT https://community.checkpoint.com/t5/General-Topics/Network-Objects-and-DNS/m-p/221287#M36900 PhoneBoy 2024-07-18T19:05:27Z https://community.checkpoint.com/t5/General-Topics/Network-Objects-and-DNS/m-p/223138#M37170 <P>Yes, that is what we would like to accomplish. I have been looking for dnsmasq configuration options and found some examples. Looking into it....</P><P>&nbsp;</P> Fri, 09 Aug 2024 08:31:59 GMT https://community.checkpoint.com/t5/General-Topics/Network-Objects-and-DNS/m-p/223138#M37170 demirdag 2024-08-09T08:31:59Z