Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jan_Vejling1
Explorer

Checkpoint lab FW keeps using old DNS server

We have a LAB fw which - in vain - keeps trying to talk to a shut down DNS server.

It asks for resolver(1-5).chkp.ctmail.com

The 1st, second and third Dns server (as seen typing show DNS in clish) are ok but nevertheless it keeps trying to talk to our old DNS server. We are on VSX mode so Web UI is not supported.

I need to completely delete all reference to dns 10.46.46.46

How can i do that, and where else (if not in DNS setup) coul the old server exist in the configuration?

 

/Jan Vejling

 

0 Kudos
4 Replies
Kaspars_Zibarts
Employee Employee
Employee

use clish, just like normal gateway
set dns primary x.x.x.x
set dns secondary x.x.x.x

else just grep for your IP through all config

 

clish -c "show configuration" | grep "10.46.46.46"

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

What's being asked in those queries? that might point you in right direction. Maybe you're NATing something behind FW address that's still using old DNS
0 Kudos
_Val_
Admin
Admin

As @Kaspars_Zibarts says, but you need to DELETE old DNS servers first. Also, easily done form clish.

 

In case one is lazy, there is also an option to temporarily disable VSX state from clish with "set mode vsx off" and re-enabling it with "set vsx mod on <cr> save config" later on. This obe works but not recommended in production.

 

And of course, in any case, do not forget to save config after finishing your tasks. 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Saw this on a R77.30 gateway once, and was cleared by a reboot, suspect a cpstop/cpstart also may have done the job however.
CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events