Michael134890
Explorer

R82 http proxy and dns proxy forwarding domains not working

Hello,

On our gateway cluster (ElasticXL) we have the HTTP proxy (non-transparent) enabled.

Without DNS proxy forwarding domains configured, this works.

After configuring DNS proxy forwarding and restarting WSDNSD (or cpstop/cpstart), Internet via the proxy doesn't work anymore.

When I remove the entry for DNS proxy forwarding and restart WSDNSD, Internet via the proxy works again.

The logs show the connection is rejected with "Proxy: internal error; Connection was rejected due to internal error".

The description of this error in sk110013 (How to configure Check Point Security Gateway as HTTP/HTTPS Proxy) is: "DNS server is available but no record for the URL request".

I have no idea why this could not be resolved.

cat /etc/resolv.conf
# This file was AUTOMATICALLY GENERATED
# Generated by /bin/dnsmasq_xlate on Thu Sep 25 10:01:14 2025
#
# DO NOT EDIT
#
server 127.0.0.1


cat /etc/dnsmasq.conf
# This file was AUTOMATICALLY GENERATED
# Generated by /bin/dnsmasq_xlate on Thu Sep 25 10:01:14 2025
#
# DO NOT EDIT
#
bind-interfaces
cache-size=1000
no-poll
listen-address=127.0.0.1
interface=bond3.706
server=/google.com/8.8.8.8
server=/#/1.1.1.1
server=/#/1.0.0.1
server=/#/9.9.9.9
conf-dir=/etc/dnsmasq.d


netstat -tulpen | grep dnsmasq
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 0 94223101 10214/dnsmasq
tcp 0 0 10.10.6.254:53 0.0.0.0:* LISTEN 0 94223098 10214/dnsmasq
udp 0 0 127.0.0.1:53 0.0.0.0:* 0 94223100 10214/dnsmasq
udp 0 0 10.10.6.254:53 0.0.0.0:* 0 94223097 10214/dnsmasq


All DNS names can be resolved locally:

# dig amazon.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7.cp998000096 <<>> amazon.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56994
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;amazon.com. IN A

;; ANSWER SECTION:
amazon.com. 900 IN A 52.94.236.248
amazon.com. 900 IN A 54.239.28.85
amazon.com. 900 IN A 205.251.242.103

;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 25 10:05:13 CEST 2025
;; MSG SIZE rcvd: 87

#

dig google.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7.cp998000096 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16468
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 300 IN A 142.251.36.206

;; Query time: 22 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 25 10:04:38 CEST 2025
;; MSG SIZE rcvd: 55

Thanks

Michael

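The forwarding-domain question in the post comes down to which upstream dnsmasq picks for a given query name. The block below is an added example, not code from the post, from Check Point or from the dnsmasq project: it models dnsmasq's `server=/domain/address` selection (longest matching domain on a label boundary wins, `/#/` and bare `server=` entries are the defaults, an entry with no address sends the domain to the defaults) and runs it over a constructed copy of the `server=` lines from the posted /etc/dnsmasq.conf. The function names and the sample query names are my own. It tells you where a name is forwarded, which matches the "using nameserver ... for domain google.com" lines dnsmasq logs; it cannot tell you why the proxy reports an internal error.

```python
"""Which upstream does dnsmasq forward a name to?

Added example (not code from the post, Check Point or the dnsmasq project):
models dnsmasq's server=/domain/address selection and runs it over a
constructed copy of the server= lines from the dnsmasq.conf in the post.
"""

from typing import Dict, List, Tuple

# Constructed copy of the relevant lines of the posted /etc/dnsmasq.conf.
DNSMASQ_CONF = """\
bind-interfaces
cache-size=1000
no-poll
listen-address=127.0.0.1
interface=bond3.706
server=/google.com/8.8.8.8
server=/#/1.1.1.1
server=/#/1.0.0.1
server=/#/9.9.9.9
"""

Rules = Tuple[List[str], Dict[str, List[str]]]


def parse_server_lines(conf: str) -> Rules:
    """Return (default_servers, {domain: [servers]}) from the server= lines.

    Forms handled:
      server=1.2.3.4              default upstream
      server=/#/1.2.3.4           '#' matches any domain: also a default
      server=/a.com/b.com/1.2.3.4 upstream for a.com, b.com and their subdomains
      server=/a.com/              no address: a.com uses the default servers
    """
    defaults: List[str] = []
    by_domain: Dict[str, List[str]] = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if not value.startswith("/"):
            defaults.append(value)
            continue
        parts = value.split("/")  # '/a.com/b.com/addr' -> ['', 'a.com', 'b.com', 'addr']
        addr, domains = parts[-1], parts[1:-1]
        for domain in domains:
            domain = domain.lower().rstrip(".")
            if domain == "#":
                defaults.append(addr)
            else:
                by_domain.setdefault(domain, []).append(addr)
    return defaults, by_domain


def upstreams_for(name: str, rules: Rules) -> Tuple[str, List[str]]:
    """Return (matched_domain or 'default', [servers]) for a query name.

    The longest configured domain that equals the name, or is a suffix of it
    on a label boundary (so 'notgoogle.com' does not match 'google.com'),
    wins; anything else goes to the default servers.
    """
    defaults, by_domain = rules
    qname = name.lower().rstrip(".")
    best = ""
    for domain in by_domain:
        if (qname == domain or qname.endswith("." + domain)) and len(domain) > len(best):
            best = domain
    if not best:
        return "default", list(defaults)
    servers = [s for s in by_domain[best] if s]
    return best, (servers if servers else list(defaults))


def route_table(conf: str, names: List[str]) -> Dict[str, Tuple[str, List[str]]]:
    """Map each query name to the (domain, servers) dnsmasq would forward it to."""
    rules = parse_server_lines(conf)
    return {n: upstreams_for(n, rules) for n in names}


if __name__ == "__main__":
    sample = ["google.com", "www.google.com", "amazon.com", "notgoogle.com"]
    for name, (domain, servers) in route_table(DNSMASQ_CONF, sample).items():
        print(f"{name:16} -> {domain:10} {', '.join(servers)}")
```

With the posted config, google.com and its subdomains go only to 8.8.8.8 and everything else to the three `/#/` servers, so a failure confined to the forwarding domain points at the path to 8.8.8.8 from the gateway. To see what the proxy's resolver actually gets, query each listening address from the netstat output and the upstream directly, for example `dig @127.0.0.1 google.com`, `dig @10.10.6.254 google.com` and `dig @8.8.8.8 google.com`, and compare status and answer sections.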
2 Replies
PhoneBoy
Admin

dnsmasq logs to syslog, a.k.a. /var/log/messages.
Anything useful there?

Michael134890
Explorer

Output from /var/log/messages:


...

dnsmasq_xlate: Starting dnsmasq_xlate as default mode
dnsmasq_xlate: Updating dnsmasq configuration
dnsmasq_xlate: Restarting dnsmasq
dnsmasq[10125]: exiting on receipt of SIGTERM
dnsmasq[10214]: started, version 2.76 cachesize 1000
dnsmasq[10214]: compile time options: IPv6 GNU-getopt no-DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth nettlehash no-DNSSEC loop-detect inotify
dnsmasq[10214]: using nameserver 9.9.9.9#53 for default
dnsmasq[10214]: using nameserver 1.0.0.1#53 for default
dnsmasq[10214]: using nameserver 1.1.1.1#53 for default
dnsmasq[10214]: using nameserver 8.8.8.8#53 for domain google.com
dnsmasq[10214]: read /etc/hosts - 15 addresses
dnsmasq[10214]: using nameserver 9.9.9.9#53 for default
dnsmasq[10214]: using nameserver 1.0.0.1#53 for default
dnsmasq[10214]: using nameserver 1.1.1.1#53 for default
dnsmasq[10214]: using nameserver 8.8.8.8#53 for domain google.com
dnsmasq[10214]: ignoring nameserver 127.0.0.1 - local interface
xpand[27580]: log info: objectName: DNS,administrator: admin, operation: Set Object, facility: Web-UI, message: primary DNS server in forwarding domain google.com is set to 8.8.8.8

...

But no errors or anything else.

