This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
GDenisiak
Explorer
‎2020-11-01 04:18 PM

FQDN object

Hello

I have a issue with FQDN objects and couldn't find any info ho gateway behaves in my case.

I have a rule with FQDN objects as a DST and one of those objects i resolved in DNS into more than one IP address.

Example:

Name: amazon.com
Addresses: 205.251.242.103
176.32.98.166
176.32.103.205

In this case the rule is not catching connection and it is dropped in rule somewhere below.

When pattern is solved into only one address, then the rule catches traffic and all is going as suppose to.

Example:

Name: sky.de
Address: 104.81.219.149

 

Could anyone explain why is it happening and what is the actual mechanism behind that?

 

Br

GDenisiak

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2020-11-01 09:37 PM

What precise version/JHF level?
As far as I know it should take all IPs the FQDN resolves to.

0 Kudos
GDenisiak
Explorer
‎2020-11-02 12:19 AM
In response to PhoneBoy

This is Check Point CPinfo Build 914000196 for GAIA
[CPFC]
       HOTFIX_R80_30_GOGO_JHF_MAIN     Take:  196

[MGMT]
       No hotfixes..

[IDA]
       No hotfixes..

[FW1]
       HOTFIX_MAAS_TUNNEL_AUTOUPDATE
       HOTFIX_R80_30_GOGO_JHF_MAIN     Take:  196

FW1 build number:
This is Check Point's software version R80.30 - Build 175
kernel: R80.30 - Build 195

[SecurePlatform]
       HOTFIX_R80_30_GOGO_JHF_MAIN     Take:  196

[CPinfo]
       No hotfixes..

[PPACK]
       HOTFIX_R80_30_GOGO_JHF_MAIN     Take:  196

[DIAG]
       No hotfixes..

[CVPN]
       No hotfixes..

[CPUpdates]
       BUNDLE_MAAS_TUNNEL_AUTOUPDATE   Take:  30
       BUNDLE_INFRA_AUTOUPDATE Take:  34
       BUNDLE_DEP_INSTALLER_AUTOUPDATE Take:  18
       BUNDLE_R80_30_JUMBO_HF_MAIN_3_10_GW     Take:  196

[CPDepInst]
       No hotfixes..

[AutoUpdater]
       No hotfixes..

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events