SmartEvent load DNS-server
Hello!
We have DC controllers with DNS servers. When we enable SmartEvent, the load on the controllers on port 53 increases greatly.
How can we minimize this load?
Thanks!
Accepted Solutions
I recall you could switch off DNS resolving in SmartReporter. Just had a quick check with SmartEvent in demo mode but you can't configure it there. A quick look at SecureKnowledge and the manuals didn't turn up anything either.
The option for SmartReporter can be found at the consolidation settings:
But in general DNS is the key to your network. So being able to manage and maintain good working DNS servers is a critical skill in your network. So it must be high on your organisation's list of critical skills.
Let's move this to the correct space: https://community.checkpoint.com/community/management/visibility-monitoring?sr=search&searchId=c0def...
SmartEvent needs DNS to put hostnames in the reports.
I assume you could unconfigure DNS on the appliance to disable this.
You may want to set up a caching DNS server internally for this as well, which is probably a good idea for other reasons.
Thanks for your response! I think we cannot unconfigure DNS on the appliance, because SmartEvent and Management are on the same server. And where can I find more information about a caching DNS server? Is this configuration supported by Check Point?
Caching DNS servers are not something specific to Check Point.
For example, your local DNS servers already cache information about the Internet based on user traffic as well as provide authoritative information for hosts within your local environment.
A caching DNS server is authoritative for no hosts, merely caching the queries from clients to reduce load on the authoritative nameservers.
They can be configured on a number of operating systems.
Other than SMB gateways, Check Point gateways do not contain a DNS server.
Thanks for your answer!
We suspect that the load is caused by the IP addresses being resolved against the reverse DNS zone (we encountered similar situations when working with other systems). Could this be the reason in this case? Is it possible to disable reverse resolving (perhaps there is an appropriate parameter in GuiDBedit)?
I recommend putting in a caching DNS server just for the SmartEvent server and not letting SmartEvent hammer on your Active Directory servers.
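
The caching-only resolver described in the replies above, sketched as an Unbound configuration. This is an added example, not part of any post in this thread and not a Check Point supported configuration; it assumes a separate Linux host running Unbound, and every address in it (resolver, SmartEvent server, domain controllers, the 10.0.0.0/8 internal range) is a constructed placeholder.

```conf
# unbound.conf: caching-only forwarder placed between the SmartEvent
# server and the AD DNS servers. All addresses are constructed examples.
server:
    # Listen only on the resolver's own address (assumed 10.1.1.53).
    interface: 10.1.1.53
    port: 53

    # Answer only the SmartEvent/management server (assumed 10.1.1.20).
    access-control: 10.1.1.20/32 allow
    access-control: 0.0.0.0/0 refuse

    # Unbound answers RFC 1918 reverse zones locally with NXDOMAIN by
    # default. "nodefault" lets PTR queries for internal addresses go
    # on to the domain controllers, where the reverse zone lives.
    local-zone: "10.in-addr.arpa." nodefault
    # Internal reverse zones are normally unsigned; skip DNSSEC
    # validation for them if validation is enabled on this resolver.
    domain-insecure: "10.in-addr.arpa."

    # Hold answers at least 5 minutes even if the record TTL is lower.
    # Trade-off: a changed record can be served stale for that long.
    cache-min-ttl: 300
    # Cache "no such record" answers for at most 15 minutes, so
    # addresses without a PTR record are not re-queried on every log.
    cache-max-negative-ttl: 900
    # Refresh popular entries shortly before they expire.
    prefetch: yes

# Authoritative for nothing: every cache miss is forwarded to the
# domain controllers (assumed 10.1.1.10 and 10.1.1.11).
forward-zone:
    name: "."
    forward-addr: 10.1.1.10
    forward-addr: 10.1.1.11
```

The SmartEvent server's DNS setting would then point at 10.1.1.53 instead of the domain controllers, so repeated forward and reverse lookups for the same addresses are answered from the cache.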
Hugo, thanks for your advice.
The SmartEvent server is located on the management machine. Please tell me how we can install a caching DNS server just for SmartEvent in this case?
Thank you for bringing my attention to SmartReporter; the problem was in it, not in SmartEvent. Thank you!
