Sam2
Contributor

per client DNS Server selection

We are looking to migrate from our current recursive DNS provider to a new one. Both providers provide a roaming agent that allows our sec teams to approve/deny access to specific domains by user.

We currently disable our roaming agent when the Check Point VPN connects and force all DNS to our on-premise DNS servers. With our new client we are looking to keep it enabled and only send DNS traffic to the VPN if it matches our domain.

We have 3 VPN solutions deployed: SNX, Check Point Mobile, and Capsule Connect.

Is there a way to force DNS servers by client? I want both SNX and Capsule to be provided with DNS servers via office mode but not Check Point Mobile. I have looked at ipassignment.conf but that only allows for LDAP groups. We typically only use SNX for external contractors, so LDAP would apply fine, but Capsule is used by employees, and if I use an LDAP group for them it will prevent the roaming agent from functioning on the users assigned to a Capsule-related LDAP group.


1 Reply
Sam2
Contributor

I resolved this by changing the interface metric on the Check Point Mobile client to be higher.
