https://community.checkpoint.com/t5/General-Topics/ForeScout/m-p/31729#M6639 <HTML><HEAD></HEAD><BODY><P>Hi Matt</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;You can follow the configuration based on the link below.</P><P><A class="link-titled" href="https://www.forescout.com/wp-content/uploads/2018/04/CounterACT_DNS_Enforce_1.2.pdf" title="https://www.forescout.com/wp-content/uploads/2018/04/CounterACT_DNS_Enforce_1.2.pdf">https://www.forescout.com/wp-content/uploads/2018/04/CounterACT_DNS_Enforce_1.2.pdf</A>&nbsp;</P><P></P><P>regards</P><P>Anthony</P></BODY></HTML> Mon, 11 Feb 2019 03:23:04 GMT Poh_Seng_Anthon 2019-02-11T03:23:04Z https://community.checkpoint.com/t5/General-Topics/ForeScout/m-p/31727#M6637 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>Does anyone have any experience with ForeScout products?&nbsp; One of my customers has asked the question:</P><P></P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P>We are exploring options on Wi-Fi portals for guest access on our Wi-Fi.</P><P><BR />One option is to utilize our Forescout however we then need a local DNS which can resolve the local Forescout device but also any subsequent DNS requests.<BR /> <BR />Can the [Check Point] firewall do this or can it acts as a DNS forwarder to our internal DNS server – and if so is there any issue / concern with this approach?</P></BLOCKQUOTE><P></P><P>I don't know well ForeScount well enough (at all!) to immediately answer him.&nbsp; His question doesn't tell me how ForeScout DNS works so I wondered if anyone else happens to know or has done a similar thing in their environment?&nbsp; My first thought is that he really doesn't want visitors and guests using his internal DNS.&nbsp; Does anyone with experience with this product know if that's what he probably means?</P><P></P><P>Thanks,</P><P>Matt</P></BODY></HTML> Sat, 09 Feb 2019 18:35:15 GMT https://community.checkpoint.com/t5/General-Topics/ForeScout/m-p/31727#M6637 biskit 2019-02-09T18:35:15Z https://community.checkpoint.com/t5/General-Topics/ForeScout/m-p/31728#M6638 <HTML><HEAD></HEAD><BODY><P>No ForeScout expert here, but I suspect that I can extrapolate what your client is trying to achieve.</P><P>They are likely trying to implement ForeScout NAC and use it to perform DNS forwarding for guests.</P><P>If this is the case and all Check Point devices have to do is to resolve the ForeScout devices names then you can even hard code them in Gaia of your Check Point devices.</P><P></P><P>If they are actually looking to use Check Point as forwarders, these capabilities are present in SMB appliances with embedded Gaia:</P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/78308_pastedImage_1.png" /></P><P></P><P>...but not in the enterprise models which rely on a dedicated external DNS infrastructure.</P><P></P><P>It is likely you can jury-rig something to make it work, but I would not recommend it.&nbsp;</P></BODY></HTML> Sat, 09 Feb 2019 20:06:14 GMT https://community.checkpoint.com/t5/General-Topics/ForeScout/m-p/31728#M6638 Vladimir 2019-02-09T20:06:14Z https://community.checkpoint.com/t5/General-Topics/ForeScout/m-p/31729#M6639 <HTML><HEAD></HEAD><BODY><P>Hi Matt</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;You can follow the configuration based on the link below.</P><P><A class="link-titled" href="https://www.forescout.com/wp-content/uploads/2018/04/CounterACT_DNS_Enforce_1.2.pdf" title="https://www.forescout.com/wp-content/uploads/2018/04/CounterACT_DNS_Enforce_1.2.pdf">https://www.forescout.com/wp-content/uploads/2018/04/CounterACT_DNS_Enforce_1.2.pdf</A>&nbsp;</P><P></P><P>regards</P><P>Anthony</P></BODY></HTML> Mon, 11 Feb 2019 03:23:04 GMT https://community.checkpoint.com/t5/General-Topics/ForeScout/m-p/31729#M6639 Poh_Seng_Anthon 2019-02-11T03:23:04Z