Dear Team,

Today I got one support call.

A site-to-site IPsec VPN is configured with Microsoft Azure; it is configured properly and two-way communication is working fine.

The customer side has a Check Point, and they have an Active Directory server; one server is hosted on the Microsoft side.

Our cloud engineer wanted to add that server to the customer-side domain.

So he configured the IP address and DNS (the customer-side Active Directory) on the Microsoft Azure server.

From Microsoft Azure, the Active Directory IP address is reachable through ICMP, but DNS resolution was not working.

When we tried to do an nslookup from the Microsoft Azure side server, it did not resolve and returned an error.

So we took the troubleshooting steps below:

- Checked the configuration on both tunnel sides; in the topology the subnet is proper and the policy is also configured properly.
- We checked the customer-side LAN network object and found it configured with hide behind gateway; created a no-NAT policy in the NAT policy.
- In Tracker, traffic from Azure to the customer side is seen, but DNS traffic from the customer side to the Azure side is not seen in Tracker.
- In tcpdump, traffic was found from the customer side to the Azure side.
- In fw monitor, traffic was also found from the customer side to the Azure side.
- With the fw ctl zdebug command, no drop was found.

We assume that no traffic is being blocked on the Check Point side, so we raised a case with Azure.

Can anyone help if you know about this same thing happening previously, so I can get an exact idea?