This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TheOddCECI2025
Explorer
‎2025-06-11 12:18 AM

Quantum Spark 1595 - DNS resolution

Hello, I have a DNS resolution issue

[Issue]
In our internal network environment, Host A is trying to connect to External Website A over ports 80 and 443.
However, Host A is unable to properly resolve the domain name of Website A.

[Description]

In the Outgoing Internet Access policy on the policy page, I configured the following rule:

Source: Host A

Destination: Website A (added as a domain-based network object)

Application: Web Browsing

Under this configuration, Host A is unable to browse Website A. The error messages are along the lines of “This page can’t be displayed” or “Please make sure the URL is correct.”

However, if I change the Destination to ANY, or to the IP address of Website A, the connection works fine.

Based on this, I initially suspect that the issue is related to DNS resolution for Website A.

That said, when I run a DNS lookup for Website A using Diagnostics > Tools > Perform a DNS lookup, it resolves correctly.
After the DNS resolution, Host A is immediately able to access Website A.
But after a while, the issue reoccurs, and Host A can no longer connect to the site.

 

[Additional Information]

Both Host A and the firewall itself are configured to use the same internal DNS server, which is our Microsoft Active Directory server.We’ve confirmed that the DNS connectivity is working correctly, and that DNS resolution through this server is functioning as expected.

 

At this point, I’m not sure whether the issue is related to a network/DNS resolution problem, or a configuration issue within the policy itself. Have I forgotten anything else?

0 Kudos
3 Replies
_Val_
Admin
Admin
‎2025-06-11 04:21 AM

So many details missing. Let's start wiht the basics: 

1. SW version on your 1595

2. How does your "domain-based network object" look like?

Also, on the SMB appliance, do you have DNS properly configured? Can you resolve the domain object by name via CLI, on the appliance itself?

0 Kudos
Lesley
MVP Gold
MVP Gold
‎2025-06-11 06:42 AM

I suspect that the gateway itself is unable to do DNS or is unable to resolve the domain based object.

Or you created the object incorrect. Please share screenshot

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
PhoneBoy
Admin
Admin
‎2025-06-11 12:34 PM

It sounds vaguely like an issue with rad.
If you are not already on R81.10.17, upgrade to that: https://support.checkpoint.com/results/sk/sk183153?server=us
If you're still having issues, I suggest opening a TAC case.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events