https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-IPSEC-Tunnel-not-comming-up-without-public-DNS-server/m-p/7573#M134 <HTML><HEAD></HEAD><BODY><P>Hello Dameon,</P><P></P><P>&nbsp;thanks for your response! I think&nbsp;that's it. The log page not beeing responsive is another&nbsp;<A href="https://dict.leo.org/german-english/phenomenon" style="color: inherit; background-color: #ffffff; border: 0px; text-decoration: none; font-size: 13.92px;">phenomenon</A>&nbsp;I noticed when no public DNS was defined.</P></BODY></HTML> Tue, 17 Oct 2017 11:19:01 GMT Julius_Kaiser 2017-10-17T11:19:01Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-IPSEC-Tunnel-not-comming-up-without-public-DNS-server/m-p/7571#M132 <HTML><HEAD></HEAD><BODY><P>Hello Folks,</P><P></P><P>I have an IPSEC tunnel configured on the given platform (see below). The tunnel peer is defined by IP address, not hostname. Tunnel config is default, Check Point as remote gateway (same platform, firmware etc), p<SPAN style="color: #2a3a55; background-color: #ffffff;">erfect forward secrecy with DH Group 2, no NAT.</SPAN></P><P></P><P><SPAN style="color: #2a3a55; background-color: #ffffff;">My problem is: The Tunnel won't come up without a public reachable DNS server configured as the primary DNS server under Device/ DNS/ "Configured DNS Servers".</SPAN></P><P></P><P>Does anyone know this kind of behaviour and can provide an explanation, or is this a bug?</P><P></P><P>Thanks in advance.</P><P></P><DIV style="color: #2a3a55; background-color: #f7f9ff;"><SPAN class="">Appliance:</SPAN>Check Point 1430 Appliance (gro-aue-fw01)</DIV><DIV style="color: #2a3a55; background-color: #f7f9ff;"><SPAN class="">Security Management:</SPAN>Locally managed</DIV><DIV style="color: #2a3a55; background-color: #f7f9ff;"><SPAN class="">Version (Firmware):</SPAN>R77.20.40 (990171107)</DIV></BODY></HTML> Mon, 16 Oct 2017 12:17:05 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-IPSEC-Tunnel-not-comming-up-without-public-DNS-server/m-p/7571#M132 Julius_Kaiser 2017-10-16T12:17:05Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-IPSEC-Tunnel-not-comming-up-without-public-DNS-server/m-p/7572#M133 <HTML><HEAD></HEAD><BODY><P>It's possible this is covered by a known limitation listed here:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk105380" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk105380">Check Point R77.20 for 600 / 700 / 1100 / 1200R / 1400 Appliance Known Limitations</A>&nbsp;</P><P>Specifically:</P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><TABLE border="1" cellpadding="4" cellspacing="2" style="color: #000000; background-color: #ffffff; font-size: 14px;" width="100%"><TBODY><TR><TD>01668937</TD><TD><P>Configuring appliances with a DNS server that does not resolve publich domain names, may cause issues in various features, including timeouts during SIC establishment, log page not being responsive, and more. Make sure to configure DNS servers that can be reached from the appliance.</P></TD></TR></TBODY></TABLE></BLOCKQUOTE></BODY></HTML> Mon, 16 Oct 2017 18:50:56 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-IPSEC-Tunnel-not-comming-up-without-public-DNS-server/m-p/7572#M133 PhoneBoy 2017-10-16T18:50:56Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-IPSEC-Tunnel-not-comming-up-without-public-DNS-server/m-p/7573#M134 <HTML><HEAD></HEAD><BODY><P>Hello Dameon,</P><P></P><P>&nbsp;thanks for your response! I think&nbsp;that's it. The log page not beeing responsive is another&nbsp;<A href="https://dict.leo.org/german-english/phenomenon" style="color: inherit; background-color: #ffffff; border: 0px; text-decoration: none; font-size: 13.92px;">phenomenon</A>&nbsp;I noticed when no public DNS was defined.</P></BODY></HTML> Tue, 17 Oct 2017 11:19:01 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-IPSEC-Tunnel-not-comming-up-without-public-DNS-server/m-p/7573#M134 Julius_Kaiser 2017-10-17T11:19:01Z