Dear Team ,

Today I got one support call ,

Site 2 site IPsec vpn configured with Azure Microsoft and its configured properly and two way communication is working fine .

Customer side checkpoint and they have Active directory server and one server is hosted on Microsoft side .

Our cloud engineer wanted to add that server in domain of customer side .

SO , He configured ip address and DNS (active directory of customer side ) of  Microsoft azure server

From Microsoft azure active directory ip address is reachable though icmp but dns resolution was not woring .

When we tried to do ns lookup from Microsoft azure side server that not getting resolve and getting error.

So , below troubleshooting steps we have taken

--- Both tunnel side configuration check and in topology subnet is proper and policy also configured proper

--- we have check customer side lan network object found configured with hide behind gateway - created no nat policy in nat policy

--- In tracker from azure to customer side triaffic seen but customer side to azure side dns traffic not seen in tracker

----in TCP Dump traffic found from customer side to azure side

--- in fw monitor traffic also found customer side to azure side

---- fw ctl zdebug command no drop found

We azume that checkpoint side no traffic is blocking so raised case with azure

Can you help if anyone know about this same think happen previously so I can get exact idea .