sklotz
Explorer

Issue with DNS resolution in browser when connected via Checkpoint mobile client

Not sure if this is really a VPN and/or Checkpoint issue, but as of now it looks like it, given the following strange behavior.
When users are connected via VPN and browsing websites with internal DNS names, the browser sometimes throws the error message "DNS hostname could not be resolved". Pinging the hostname is also affected. Only a dedicated nslookup works fine.
Our first idea/finding was that it might be related to a missing metric entry for the VPN-adapter, but setting this metric manually didn't change anything.
Then we tried to sniff the DNS queries on the Checkpoint FW (which terminates the VPN), and we see both the DNS request and the response once we hit refresh in the browser. This means the client is sending the DNS query via the correct interface, but it looks like the client (browser or ping) doesn't react to the DNS response.
Do you have any further ideas on how to troubleshoot or analyze this issue? Or do you already know what the reason for this is?
We are running on 81.10.
Thank you!

Regards,
Stefan

(1)
4 Replies
Arne_Boettger
Collaborator

Hello,

We are seeing a similar issue, but with Windows clients connecting to R81.20. A Wireshark capture on the VPN client clearly shows DNS queries and responses, but the client still cannot resolve the hostname.

Could it be a recent Windows Update?

Kind regards, Arne

(1)
sklotz
Explorer

It might be related to IPv6; we have now disabled it on the Checkpoint and WLAN adapter, and since then there have been no further issues.
I'm also checking with Checkpoint official support on that topic, but when I read sk182212, it might be the reason here.
I'll keep you updated.

Regards,
Stefan

0 Kudos
PhoneBoy
Admin

Yes, our Remote Access clients do not support IPv6 currently.

0 Kudos
Arne_Boettger
Collaborator

Hello,

I try not to see disabling IPv6 as a solution to anything, because eventually we want to disable IPv4. But it might be related to IPv6 connectivity on the non-VPN interfaces. I did not completely understand sk182212 - are the mentioned IPv6 features already in the generally available Endpoint Clients? 

Kind regards, Arne

0 Kudos
