
Domain object is not working in R80.10 properly

Dear Team,

I have added a domain object in a rule (non-FQDN) and it is not working properly in Check Point R80.10.

The requirement was for O365.com.

As it was not working, I have tried with FQDN as well, and still the issue is the same.

Added domain objects for all related URLs (e.g. microsoft.com etc.), but no luck.

Did reverse nslookup as well and added the obtained domains.

Traffic is not hitting the particular rule.

As per the clean-up rule drop, in the tracker, the traffic is trying to reach the IP address for O365 server and our domain object is not able to resolve that.

When we added a rule with O365 IP addresses, the traffic is passing via that rule.

We are facing similar issues with some other URLs as well.

Is it a known issue with R80.10? 

Are there any alternate methods or any dependencies for domain objects?

0 Kudos
6 Replies

Re: Domain object is not working in R80.10 properly

It works for us perfectly as described in this sk

Domain Objects in R80.10 and above 

Read it carefully. FQDN must be specific (*.something will not work).

Also make sure that DNS resolution works on the gateway.

0 Kudos

Re: Domain object is not working in R80.10 properly

(*.something will not work)

For *.something I assume you need application control.

and now to something completely different
0 Kudos


Re: Domain object is not working in R80.10 properly

Domain objects in general do not require Application Control.

However, Application Control is useful in allowing access to Office 365.

Screenshots of exactly what you've tried to configure would be helpful.

0 Kudos

Re: Domain object is not working in R80.10 properly

I meant wildcards, not domain objects in general.

and now to something completely different
0 Kudos

Re: Domain object is not working in R80.10 properly

Remember there are other options if you don't have access to the AC blade. There are a number of scripts available that can generate IPs for O365 so you can stick with old school FW rules.

Just search the community for O365.

0 Kudos
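
The script approach mentioned in the last reply, sketched as an added example (not code from any poster or from Check Point): it sorts a vendor endpoint list into merged IPv4 networks for classic IP rules, specific names usable as FQDN domain objects, and wildcard names that, per the thread, an FQDN domain object will not match. The sample data is constructed, its field names (`urls`, `ips`, `tcpPorts`) are assumed to follow the shape of Microsoft's published endpoint JSON, and the function name `plan_rules` is hypothetical.

```python
import ipaddress
import json

# Constructed sample: documentation address ranges and example domains,
# not real O365 endpoints. Field names are an assumption (see lead-in).
SAMPLE = json.loads("""[
  {"id": 1, "serviceArea": "Exchange",
   "urls": ["outlook.example.com", "*.mail.example.com"],
   "ips": ["192.0.2.0/25", "192.0.2.128/25", "2001:db8:10::/48"],
   "tcpPorts": "80,443"},
  {"id": 2, "serviceArea": "Common",
   "urls": ["*.cdn.example.net"], "tcpPorts": "443"},
  {"id": 3, "serviceArea": "SharePoint",
   "urls": ["portal.example.com"],
   "ips": ["198.51.100.0/24", "192.0.2.0/25"], "tcpPorts": "443"}
]""")


def plan_rules(endpoints):
    """Sort endpoint entries by the kind of firewall object that can express them."""
    nets, fqdns, wildcards = [], set(), set()
    for entry in endpoints:
        for url in entry.get("urls", []):
            # Wildcard names cannot be entered as a specific FQDN.
            (wildcards if "*" in url else fqdns).add(url.lower())
        for cidr in entry.get("ips", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version == 4:  # IPv4-only policy assumed for this example
                nets.append(net)
    # collapse_addresses removes duplicates and merges adjacent ranges,
    # which keeps the resulting network group small.
    merged = [str(n) for n in ipaddress.collapse_addresses(nets)]
    return {
        "networks": merged,
        "fqdn_objects": sorted(fqdns),
        "wildcard_names": sorted(wildcards),
    }


if __name__ == "__main__":
    for kind, values in plan_rules(SAMPLE).items():
        print(kind)
        for value in values:
            print("   ", value)
```

Entry 2 in the sample has only a wildcard name and no published addresses, so it ends up in neither the network group nor the FQDN list.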