Thomas_Eichelbu
Collaborator

Is it possible to override DNS Proxy or create exclusions?

Hello together ...

 

As a separate post to this thread:
https://community.checkpoint.com/t5/Security-Gateways/ISP-redundancy-and-DNS-records-for-Web-Servers...

Is it possible to exclude IP ranges or VPN or perhaps special suffixes from DNS proxy?
Since all DNS requests passing an external interface are always caught by the gateway ... it's often bad to get only the external DNS responses when the internal DNS addresses are required ... (Split DNS behavior)

Since sk23630 describes a script, perhaps there are commands for exclusions?

# Start of dbedit script
#####################
# Activate the DNS feature
modify network_objects corporate-gw firewall_setting::misp_dns_active true
#####################
# Add the first entry (www.example.com, 192.168.1.80, 172.16.2.80)
create misp_dns_entry tmp_name
modify owned tmp_name misp_host_name www.example.com
addelement owned tmp_name misp_dns_addresses 192.168.1.80
addelement owned tmp_name misp_dns_addresses 172.16.2.80
add_owned_remove_name network_objects corporate-gw firewall_setting:misp_dns_entries owned:tmp_name
delete owned tmp_name
#####################
# Add the second entry (ftp.example.com, 192.168.1.21, 172.16.2.21)
create misp_dns_entry tmp_name
modify owned tmp_name misp_host_name ftp.example.com
addelement owned tmp_name misp_dns_addresses 192.168.1.21
addelement owned tmp_name misp_dns_addresses 172.16.2.21
add_owned_remove_name network_objects corporate-gw firewall_setting:misp_dns_entries owned:tmp_name
delete owned tmp_name
#####################
# Update the object
update network_objects corporate-gw
quit
#####################
# end of dbedit script
#####################

 

 

 

Maybe someone has an idea?

 

Best regards
Thomas

0 Kudos
1 Reply
PhoneBoy
Admin

DNS Proxy follows the NAT rulebase.
So...if you want to create exclusions, you would configure them as NAT rules.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos