Hello,
Our cluster provides VPN service to our clients based on the ipassignment.conf file in Office Mode; the DNS servers are Windows servers.
On the client side the DNS lookup works fine.
On the Windows Server side, the A records are currently updated on the DNS server from the VPN clients. The PTR records are also created, but they are not updated when there is a change.
Do you know if there is a setting on Check Point which we could apply?
Or maybe there is a trust issue between CP and the Windows DNS servers? Is there a way to make CP a secure source for DNS entries?
Please let me know if you need further details.
Thanks in advance!
Zsolt
Could you please provide more details? Do you expect your VPN clients to update their reverse DNS data on your Windows DNS server? What would be the purpose of that?
Hi Val,
Your assumption is right, we need to update reverse DNS. It's needed for some business services, for example for the SCCM service to work properly. (This is the public answer which I can provide you, I hope you understand.)
What about a post-connect script running ipconfig /registerdns?
Alternatively you should also be able to create a scheduled task that is triggered after the VPN connection is established.
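A sketch of such a post-connect script, added here as an example and not taken from the thread or from Check Point: it runs ipconfig /registerdns and then checks that the PTR record on the DNS server points back to this host. The adapter description text, the DNS server address and the retry count are assumptions to adjust; it assumes a domain-joined client and an elevated context.

```powershell
# Added example: post-connect DNS re-registration with a PTR check (run elevated).
param(
    [string]$AdapterMatch = 'Check Point',  # assumption: text in the VPN adapter description
    [string]$DnsServer    = '192.0.2.53',   # placeholder: DNS server hosting the reverse zone
    [int]$Attempts        = 6               # assumption: number of 10-second polls
)

# Locate the connected VPN adapter and its Office Mode IPv4 address.
$adapter = Get-NetAdapter |
    Where-Object { $_.Status -eq 'Up' -and $_.InterfaceDescription -like "*$AdapterMatch*" } |
    Select-Object -First 1
if (-not $adapter) { Write-Error "No connected adapter matching '$AdapterMatch'."; exit 1 }

$ip = Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 |
    Select-Object -First 1 -ExpandProperty IPAddress

# Dynamic registration is a per-adapter setting; stop and report if it is off.
$dns = Get-DnsClient -InterfaceIndex $adapter.ifIndex
if (-not $dns.RegisterThisConnectionsAddress) {
    Write-Error "DNS registration is disabled on '$($adapter.Name)'."; exit 2
}

# Name the PTR record should point to (assumes a domain-joined machine).
$fqdn = ('{0}.{1}' -f $env:COMPUTERNAME, (Get-CimInstance Win32_ComputerSystem).Domain).ToLower()

# The command suggested in the thread; it returns before the update completes, so poll.
ipconfig /registerdns | Out-Null

$names = @()
for ($i = 1; $i -le $Attempts; $i++) {
    Start-Sleep -Seconds 10
    # Ask the DNS server directly so a cached answer cannot hide a stale record.
    $ptr = @(Resolve-DnsName -Name $ip -Type PTR -Server $DnsServer -DnsOnly `
                -ErrorAction SilentlyContinue | Where-Object { $_.NameHost })
    $names = @($ptr | ForEach-Object { $_.NameHost.TrimEnd('.').ToLower() })
    if ($names -contains $fqdn) { Write-Output "PTR for $ip -> $fqdn is current."; exit 0 }
}

# Non-zero exit lets a scheduled task or monitoring flag the stale record.
Write-Warning "PTR for $ip is [$($names -join ', ')], expected $fqdn."
exit 3
```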
For this we need a script? I was thinking it should be normal behavior. Tbh I thought there was a setting to be applied or some kind of secure connection to establish between the CP GWs and the Windows server.
The only native way I can think of is if you configure your VPN gateway so that you get IP addresses from your MS DHCP server itself, which for you is a problem since you use ipassignment.conf.
For interest's sake - do other vendors do this, if the DHCP source is the gateway itself? I ask because in a previous life I supported Fortigates, and I remember we had to touch the clients to get this to work also.
Unfortunately I don't have any experience with other vendors.