This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mike_Lutgendorf
Participant
‎2019-05-13 01:03 PM
Jump to solution

r80.10 FQDN allow rule not being picked up in DMZ zone.

TL;DR

Have rules for cylance.com being allowed on the application layer (All traffic regardless of zones.) However, the DMZ network is not seeing all their AWS instances as "cylance.com"

Okay fine I'll create a network rule (Seeing its traffic get blocked by last catch-all block/drop) for the DMZ to wildcard *.cylance.com <--- But you can't do that so I did .*\.cylance.com (FQDN domain object.)

Still nada. The odd thing is DMZ stuff isn't resolving their AWS addresses as standard traffic does.

Does anyone know where I've gone wrong?

 

Thanks in advance.

0 Kudos
1 Solution

Accepted Solutions
Dima_M
Employee
Employee
‎2019-05-16 12:22 AM
In response to Mike_Lutgendorf
Jump to solution

Domain object has FQDN and non FQDN modes. Non FQDN mode enforces the domain and its sub-domains (Gateway performs reverse DNS lookup).

".cylance.com" in non FQDN mode should work for you.

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2019-05-15 04:42 AM
Jump to solution

You can’t do wildcards with FQDN objects.
A specific hostname must be used.
The fact the GUI allows what you specified could be viewed as a bug.
Mike_Lutgendorf
Participant
‎2019-05-15 11:43 AM
In response to PhoneBoy
Jump to solution

Gotcha so I shouldn't be using the FQDN? 

If I use a host it will resolve to one IP which for a smattering of AWS addresses doesn't help solve the issue. (Recommended by the vendor instead of saying them just providing a block)

 

Which is still a question to why the addresses don't resolve for certain zones, to begin with.

0 Kudos
Dima_M
Employee
Employee
‎2019-05-16 12:22 AM
In response to Mike_Lutgendorf
Jump to solution

Domain object has FQDN and non FQDN modes. Non FQDN mode enforces the domain and its sub-domains (Gateway performs reverse DNS lookup).

".cylance.com" in non FQDN mode should work for you.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-05-20 08:52 AM
In response to Dima_M
Jump to solution

However, that assumes the reverse DNS of the relevant IPs resolves to something.cylance.com.
This has never been a fantastic assumption.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events