This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
abihsot__
Advisor
‎2023-07-26 06:21 AM

Domain object based rules are inconsistent

Hello,

We have Checkpoint network security gateways deployed in AWS using GWLB deployment (R80.40).

 

I noticed that firewall rules which are using domain objects are not consistent. For example if I allow access to google.com, server resolves to 142.250.186.46. 

Then I verify on each gateway:

GW1:

domains_tool -ip 142.250.186.46
---------------------------------------------------------------------------------------------------
| Given IP address: 142.250.186.46 |
---------------------------------------------------------------------------------------------------
| Domain name | FQDN |
---------------------------------------------------------------------------------------------------
| google.com | yes |
---------------------------------------------------------------------------------------------------
Total of 1 domains found

 

GW2:

domains_tool -ip 142.250.186.46
No information about the IP address

 

GW3:

domains_tool -ip 142.250.186.46
No information about the IP address

 

All of the gateways are in the same region and point to the same DNS server.

How can I make sure each GW maintain accurate collection of IPs?

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-07-26 09:11 AM

I'd check a couple of SKs here:

0 Kudos
abihsot__
Advisor
‎2023-07-28 12:56 AM
In response to PhoneBoy

Thanks. Passive DNS might be difficult to achieve, since each resource point to AWS dns and this traffic won't pass through gateways.

0 Kudos
the_rock
Legend
Legend
‎2023-07-26 09:14 AM

One time I had this issue with the customer, we disabled/re-enabled the rule, installed policy and failed. Then, after some time, TAC told us to do the same, but disable accelerated policy push and that worked.

I dont know, maybe we got lucky, but never happened after that.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events