MattDunn
Nickel

ForeScout

Hi all,

Does anyone have any experience with ForeScout products?  One of my customers has asked the question:

We are exploring options on Wi-Fi portals for guest access on our Wi-Fi.


One option is to utilize our Forescout; however, we then need a local DNS which can resolve the local Forescout device but also any subsequent DNS requests.

Can the [Check Point] firewall do this or can it act as a DNS forwarder to our internal DNS server – and if so is there any issue / concern with this approach?

I don't know ForeScout well enough (at all!) to immediately answer him.  His question doesn't tell me how ForeScout DNS works, so I wondered if anyone else happens to know or has done a similar thing in their environment?  My first thought is that he really doesn't want visitors and guests using his internal DNS.  Does anyone with experience with this product know if that's what he probably means?

Thanks,

Matt

2 Replies
Vladimir
Pearl

Re: ForeScout

No ForeScout expert here, but I suspect that I can extrapolate what your client is trying to achieve.

They are likely trying to implement ForeScout NAC and use it to perform DNS forwarding for guests.

If this is the case and all Check Point devices have to do is to resolve the ForeScout devices' names, then you can even hard code them in Gaia of your Check Point devices.

If they are actually looking to use Check Point as forwarders, these capabilities are present in SMB appliances with embedded Gaia:

...but not in the enterprise models which rely on a dedicated external DNS infrastructure.

It is likely you can jury-rig something to make it work, but I would not recommend it. 

0 Kudos

Re: ForeScout

Hi Matt

You can follow the configuration based on the link below.

https://www.forescout.com/wp-content/uploads/2018/04/CounterACT_DNS_Enforce_1.2.pdf 

regards

Anthony