Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ihenock1011
Advisor

DNS Query going through implied rules

Hi All,

Currently, we have a Checkpoint R81.10 Take 169 firewall. I'm observing a  DNS query requests being sent to DNS servers via implied rules. Even the 'Accept Domain Name UDP Queries' option is unchecked DNS requests are still going through implied rules.

Can anyone guide or help us why such behavior is observed ??

Regards,

0 Kudos
6 Replies
Chris_Atkinson
Employee Employee
Employee

What is the source of the request?

Was the policy installed after the setting was unchecked?

CCSM R77/R80/ELITE
Ihenock1011
Advisor

The source is the CP gateway itself for url and IPS update. From the begning the setting was unchecked.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

There is a separate implied rule that covers outbound traffic from the gateway itself.

image (7).png

CCSM R77/R80/ELITE
(1)
Ihenock1011
Advisor

Thanks Chris for your reply. So in that case is there a means of disabling/blocking only DNS requests originating from the gateway? What if I want to allow only explicitly permitted DNS servers?

0 Kudos
PhoneBoy
Admin
Admin

Via explicit Access Policy rules, which will apply as long as the relevant Implied Rules are disabled or set to “Before Last.”

the_rock
Legend
Legend

I see the point Chris is making. If you can confirm that, would help us.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events