This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Raj_Khatri
Advisor
‎2020-09-28 05:33 PM

Maestro Distribution Mode

Has anyone faced issues with outbound DNS on R80.20SP with 2 MHO-140 + 2 members?  We have multiple private interfaces and performing hide NAT for traffic leaving our external interface - pretty standard.  We have noticed very slow and unresponsive DNS queries and lookups.

The default distribution mode is "manual-general" and after reading sk108842, when performing Hide NAT, the external interface should be configured as "network" instead of "user"

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

After making the change to "auto-topology" and setting the external interface to "network," DNS queries are back to normal.  Still experiencing odd DNS issues from certain private segments when pointing to an internal F5 VIP (using external forwarders), but wondering if anybody else has faced similar issues.

Before:
eth1-x :policy-internal
eth2-x: policy-external

After:
eth1-x :manual-internal
eth2-x: manual-external

 

Thanks

0 Kudos
1 Reply
Raj_Khatri
Advisor
‎2020-09-30 06:05 PM

Turns out L4 is enabled by default and recommended by TAC to disable unless doing heavy NAT or SGMs are not balanced.  DNS issues resolved.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events