Create a Post
Showing results for 
Search instead for 
Did you mean: 
Employee Alumnus
Employee Alumnus

DNS Flag Day and Check Point

You may have heard about DNS flag day (2019 | DNS flag day ) and are now asking yourself how will this impact your environment.   A number of DNS providers "have agreed to coordinate removing accommodations for non-compliant DNS implementations from their software or services, on or around February 1st 2019. This change will affect only sites operating non-compliant software."  This primarily impacts authoritative DNS servers.  As a result of these changes, you may see your Check Point gateway running IPS drop certain traffic due to Non Compliant DNS. 

Gateways running R77.30 JHF 345 and above (including R80.10 and R80.20) are not impacted.  If you're running a lower version and cannot upgrade then you will need to set the IPS protection "Non Compliant DNS" to detect.   For further information, please see sk112578 or reach out to your local SE.  

2 Replies

I just checked one of my R77.30 gateways and 345 isnt listed when I checked for updates .

UPDATE: You must search the "Add Hotfxes from the Could" using: Check_Point_R77_30_JUMBO_HF_1_Bundle_T345_FULL.tgz


That's because JHF 345 is an "ongoing" hotfix, which means it won't be listed in CPUSE unless you get the identifier from TAC. 

Only "recommended" jumbo hotfixes are listed in CPUSE. 

0 Kudos