Network Objects and DNS.
Hello and Good afternoon,
I'm currently managing a cluster of two 6000 series Appliances and a number of 1575 Gateways that are connected to the main 6000 appliances with an IPsec VPN.
At the moment the remote locations are reliant on the DHCP and DNS servers in our headquarters. We want to change this so that the remote office is independent when the IPsec VPN fails. This means DHCP must be done on the remote firewall for each VLAN and something must be done about DNS.
Moving DHCP to the Firewall is not a problem. Divide the scopes between the two firewalls and go! Works...
At the moment we have one location where we have a delegated DNS instance in our central DNS servers. We defined the DNS suffix in the firewall as location-1.company.local.
Only when I register an Access Point on the location's firewall as a network object can I ping it from headquarters. What I want to reach is that devices will register themselves in the DNS on the firewall so they become network objects. One can imagine that registering devices manually is not a job anyone would want to do. All those laptops... Also, when I travel to that location I would have to register my device in the network objects db so I can be pinged/found by my hostname. This is not done...
The question is, how do I make this work automatically? How do I make sure:
- Devices get an IP from their local FW? ---done---
- Devices register themselves in the firewall's DNS database?
- When the IPsec fails, the DNS requests should be forwarded to a public DNS server by the firewall.
So far my explanation... If there are questions, let me know. My first message here and not super experienced with CheckPoint.
Accepted Solutions
Just to clarify: you want a device to register itself to the DNS server inside the 1575?
This may be possible by hacking the dnsmasq configuration, with the configuration file in /pfrm2.0/etc/dnsmasq.conf
"When IPsec fails" the only way you can achieve that is by specifying a public DNS as a backup, as far as I know.
Yes, that is what we would like to accomplish. I have been looking for dnsmasq configuration options and found some examples. Looking into it....
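
An added example, not part of the thread and not Check Point's own configuration: a generic dnsmasq fragment covering the three goals from the question (local leases, automatic name registration, public DNS when the tunnel is down) while keeping internal names away from the public resolver. It assumes dnsmasq is also the DHCP server on the gateway; every address is a documentation-range placeholder, and whether the 1575 preserves manual edits to /pfrm2.0/etc/dnsmasq.conf is not established in this thread.

```conf
# Constructed example. All IP addresses are placeholders.

# DHCP clients that send a hostname are published in DNS as
# <hostname>.location-1.company.local for the lifetime of their lease.
domain=location-1.company.local
dhcp-range=192.0.2.100,192.0.2.200,12h

# Also append the domain to simple names listed in /etc/hosts.
expand-hosts

# Answer the site zone only from DHCP leases and /etc/hosts.
# Queries for it are never forwarded upstream.
local=/location-1.company.local/

# Send the rest of the internal zone to the HQ DNS server over the tunnel.
# A domain-specific server is the only one queried for that domain, so
# internal names are not sent to the public resolver when the tunnel is down.
server=/company.local/198.51.100.10

# Everything else goes to a public resolver, which stays reachable
# without the IPsec tunnel.
server=203.0.113.53

# Use only the servers listed above, not those in /etc/resolv.conf.
no-resolv

# Never forward plain names (no dots) to upstream servers.
domain-needed
```

A syntax check with `dnsmasq --test --conf-file=<file>` catches typos before the service is restarted. Names registered this way are chosen by the client, so they are suitable for lookups and ping, not as a basis for access decisions.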
