- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Just wondering if anyone else has noticed if you are using domain objects (new type)
I noticed high amount of Block / Alert logs on the gateway complaining it was not able to resolve DNS even though DNS is responding OK.
When I run tcpdump I noticed that firewall sends DNS requests for each domain object in big batches (multiple requests for the same name within 100ms). So there are hundreds of DNS requests spat out every 30 secs for 20 domain objects so I'm not surprised if some are not answered.
I have not raised SR yet - just wondering if it's "known" issue? We are on take 121.
There is one SK that matches symptoms but that should have been fixed in take 42
Hi,
This is a known issue, solved in R80.10 JHF T142.
It will happen when using large amount of domain objects in policy.
Please contact support (& CFG) if you need the fix on top of earlier JHF take.
Thanks,
Meital
Hi, it seems RAD cache is not okay. Please do open a support ticket for proper diagnostics
Are you using None-FQDN mode (sk120633) ?
It's the R80.10 FQDN type objects. Using old makes no sense
I second that 😉
SR is still under investigation but someone else is bored, you may check if your gateway is sending malformed truncated DNS requests using TCP - has all domain objects included multiple times but most importantly packet format is wrong. Our DNS just replies as malformed packet, no results. Seems to match Blocked traffic in logs
Hi,
This is a known issue, solved in R80.10 JHF T142.
It will happen when using large amount of domain objects in policy.
Please contact support (& CFG) if you need the fix on top of earlier JHF take.
Thanks,
Meital
Thanks heaps Meital! Strangely enough case engineer just asked me for more debugs and logs instead of suggesting this...
Haha - I didn't realise that you were from R&D .. Just had a call from case engineer. All good - we'll try one cluster in next couple of days! Thanks again!
One last update - finally we rolled out take 142 last night in production: 2 VSX clusters and one non-VSX. All looking great so far, all block logs gone!
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY