Create a Post
Showing results for 
Search instead for 
Did you mean: 

CP Firewall - Traffic Accepted - Domain resolving error. Check DNS configuration on the gateway (0)

Hi, whilst reviewing the firewall logs for a VPN failure I found a series of accept, type - alert/connection messages. We have multiple VPNS running on this firewall and I found 23,000 connection alerts in one day for VPN blades. We are running a pair of 4800 firewalls running Checkpoint R80.30 for our external facing firewall. I am not sure if this traffic is actually failing, its traffic traversing a VPN tunnel so I would expect decrypt/encrypt messages rather than accept. Under the log Entry Blade VPN Product Family Access Type Connection/Alert Action Allow Reason Firewall - Domain resolving error, Check DNS configuration on the gateway (0) The majority of the traffic that we have this error with is VPN traffic, however there are some other entries, one this morning for an outbound IKE connection from an internal VPN router to a remote VPN router I have attempted to upload images but it wont work from my works desktop, I will try to add them elsewhere. Any help would be appreciated. Regards Cass

0 Kudos
2 Replies

What is the precise rule(s) that are accepting this traffic?
Do they contain Domain or Updatable Objects by chance?

0 Kudos

There are multiple rules that show traffic being accepted and generating alerts. However they are predominantly VPN rules and the rule one that started this is for VPN community traffic to allow our amazon hosted web services to talk to a internal datapower device.  In this example the source is defined as a network range and the destination is defined as a host with a statically assigned address on our device.



 For information we are using updatable objects, custom applications and domain objects in other rules.







0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events