This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ihenock1011
Advisor
‎2024-10-26 02:03 AM

DNS Query going through implied rules

Hi All,

Currently, we have a Checkpoint R81.10 Take 169 firewall. I'm observing a  DNS query requests being sent to DNS servers via implied rules. Even the 'Accept Domain Name UDP Queries' option is unchecked DNS requests are still going through implied rules.

Can anyone guide or help us why such behavior is observed ??

Regards,

0 Kudos
6 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-10-26 05:17 AM

What is the source of the request?

Was the policy installed after the setting was unchecked?

CCSM R77/R80/ELITE
Ihenock1011
Advisor
‎2024-10-26 08:09 PM
In response to Chris_Atkinson

The source is the CP gateway itself for url and IPS update. From the begning the setting was unchecked.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-10-26 09:46 PM
In response to Ihenock1011

There is a separate implied rule that covers outbound traffic from the gateway itself.

image (7).png

CCSM R77/R80/ELITE
(1)
Ihenock1011
Advisor
‎2024-10-27 12:06 AM
In response to Chris_Atkinson

Thanks Chris for your reply. So in that case is there a means of disabling/blocking only DNS requests originating from the gateway? What if I want to allow only explicitly permitted DNS servers?

0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-28 06:09 AM
In response to Ihenock1011

Via explicit Access Policy rules, which will apply as long as the relevant Implied Rules are disabled or set to “Before Last.”

the_rock
MVP Platinum
MVP Platinum
‎2024-10-26 05:36 AM

I see the point Chris is making. If you can confirm that, would help us.

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events