
Checkpoint lab FW keeps using old DNS server

We have a LAB fw which - in vain - keeps trying to talk to a shut down DNS server.

It asks for resolver(1-5).chkp.ctmail.com

The 1st, second and third DNS servers (as seen typing show DNS in clish) are OK, but nevertheless it keeps trying to talk to our old DNS server. We are in VSX mode, so the Web UI is not supported.

I need to completely delete all references to DNS 10.46.46.46

How can I do that, and where else (if not in the DNS setup) could the old server exist in the configuration?

 

/Jan Vejling

 

4 Replies

Re: Checkpoint lab FW keeps using old DNS server

Use clish, just like on a normal gateway:
set dns primary x.x.x.x
set dns secondary x.x.x.x

Or else just grep for your IP through all the config:

 

clish -c "show configuration" | grep "10.46.46.46"


Re: Checkpoint lab FW keeps using old DNS server

What's being asked in those queries? That might point you in the right direction. Maybe you're NATing something behind the FW address that's still using the old DNS.

Re: Checkpoint lab FW keeps using old DNS server

As @Kaspars_Zibarts says, but you need to DELETE the old DNS servers first. Also, easily done from clish.

 

In case one is lazy, there is also an option to temporarily disable the VSX state from clish with "set mode vsx off" and re-enable it with "set vsx mod on <cr> save config" later on. This one works but is not recommended in production.

 

And of course, in any case, do not forget to save config after finishing your tasks. 

Employee+

Re: Checkpoint lab FW keeps using old DNS server

Saw this on an R77.30 gateway once, and it was cleared by a reboot; I suspect a cpstop/cpstart may also have done the job, however.