Di_Junior
Advisor

NAT on DNS traffic on Check Point Firewall

Dear Mates

Our public DNS servers were put behind our firewall on the DMZ, and we are doing NAT with a public IP in order to allow our customers to resolve externally. Unfortunately, some requests were failing, hence the pages were unavailable.
We are being pressured to assign a public IP directly on the interface of the DNS server in order to avoid doing NAT, which is something we do not wish to do.

Is there any way to solve this issue without stopping doing NAT?

Thanks in advance

0 Kudos
4 Replies
Maarten_Sjouw
Champion

What is the reason for blaming the NAT?
What are your reasons to not want real IPs on a DMZ interface?
Regards, Maarten
0 Kudos
Di_Junior
Advisor

The issue is that our DNS announces all of our internal domain names, and when it announces the names, it uses the private IP configured on its interface instead of the public IP configured on the firewall for NAT.

So when another authoritative DNS consults our names, it finds a private IP instead of the public IP and the request does not work.

Any idea on how we can sort out this issue and keep the NAT?
We are using Windows Server 2016.

Thanks in Advance
0 Kudos
PhoneBoy
Admin

It is best practice to use separate DNS servers for internal and external resolving purposes.
That said we have a feature called DNS NAT that may help.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Wolfgang
Authority

Looks like a very nice feature, I've never heard about it. And it will always be a surprise to see what's possible 😉

Wolfgang
0 Kudos