Domain Object .smtp.office365.com Issue
Hello friends,
I'm experiencing a connection issue with domain object .smtp.office365.com since last week. The situation is on a 5000 appliance running R80.30 standalone. We have not made any changes on the FW or internal network recently; troubleshooting was done from the endpoint, which is a printer with scan to email, but the error on screen is that it cannot contact the server. If I remove the domain object from the printer_to_O365 rule and use All Internet or Any, it works perfectly. In the logs I see that it passes using public IP addresses, but I want it to work with the domain object via DNS as always. In the logs, when using the domain object, I get a drop matching the cleanup rule; however, the rule is permitted on top and has always been configured like that and working fine. I rebooted the Gateway yesterday and it did not work.
Is there any command to clear the DNS cache or troubleshoot this issue?
I also tried with different DNS servers, one private and the big search engine, but no success;
]# nslookup smtp.office365.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
smtp.office365.com canonical name = outlook.office365.com.
outlook.office365.com canonical name = outlook.ha.office365.com.
outlook.ha.office365.com canonical name = outlook.ms-acdc.office.com.
outlook.ms-acdc.office.com canonical name = LYH-efz.ms-acdc.office.com.
Name: LYH-efz.ms-acdc.office.com
Address: 52.96.29.82
Name: LYH-efz.ms-acdc.office.com
Address: 52.96.182.2
Name: LYH-efz.ms-acdc.office.com
Address: 52.96.28.178
Name: LYH-efz.ms-acdc.office.com
Address: 52.96.28.2
]#
[Expert]# nslookup smtp.office365.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
smtp.office365.com canonical name = outlook.office365.com.
outlook.office365.com canonical name = outlook.ha.office365.com.
outlook.ha.office365.com canonical name = outlook.ms-acdc.office.com.
outlook.ms-acdc.office.com canonical name = MNZ-efz.ms-acdc.office.com.
Name: MNZ-efz.ms-acdc.office.com
Address: 52.96.90.50
Name: MNZ-efz.ms-acdc.office.com
Address: 52.96.87.242
Name: MNZ-efz.ms-acdc.office.com
Address: 52.96.179.226
Name: MNZ-efz.ms-acdc.office.com
Address: 52.96.183.34
[Expert#
Thanks,
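As an added example that is not part of this thread or of Check Point's tooling: a small Python check that parses two nslookup answers (shortened samples constructed from the output above) into the final CNAME target and the returned address set, then lists the addresses the client-side resolver returned that the gateway-side resolver did not. A gateway and a client resolving the same name to different CNAME endpoints and address sets is a mismatch worth ruling out when a domain-object rule is being skipped.

```python
# Added example (not from the thread or Check Point). Compares the answer sets
# two resolvers return for the same name; sample data is constructed and
# shortened from the nslookup output quoted in the thread.
import re

# Constructed sample: gateway-side resolver answer (shortened CNAME chain).
GATEWAY_RESOLVER = """\
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
smtp.office365.com canonical name = outlook.office365.com.
outlook.office365.com canonical name = LYH-efz.ms-acdc.office.com.
Name: LYH-efz.ms-acdc.office.com
Address: 52.96.29.82
Name: LYH-efz.ms-acdc.office.com
Address: 52.96.182.2
"""
# Constructed sample: client-side (public) resolver answer for the same name.
CLIENT_RESOLVER = """\
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
smtp.office365.com canonical name = outlook.office365.com.
outlook.office365.com canonical name = MNZ-efz.ms-acdc.office.com.
Name: MNZ-efz.ms-acdc.office.com
Address: 52.96.90.50
Name: MNZ-efz.ms-acdc.office.com
Address: 52.96.87.242
"""

def parse_nslookup(text):
    """Return (cname_chain, answer_addresses) from nslookup output.
    The 'Address:' line under 'Server:' is the resolver itself and is skipped;
    only addresses after 'Non-authoritative answer:' are collected."""
    chain, addrs, in_answer = [], set(), False
    for line in text.splitlines():
        if line.startswith("Non-authoritative answer:"):
            in_answer = True
            continue
        m = re.match(r"(\S+) canonical name = (\S+?)\.?$", line)
        if m:
            chain.append(m.group(2))          # CNAME target, trailing dot removed
        elif in_answer and line.startswith("Address:"):
            addrs.add(line.split(":", 1)[1].strip())
    return chain, addrs

def resolver_mismatch(gateway_out, client_out):
    """(gateway final target, client final target, client IPs unknown to gateway)."""
    gw_chain, gw = parse_nslookup(gateway_out)
    cl_chain, cl = parse_nslookup(client_out)
    return gw_chain[-1], cl_chain[-1], sorted(cl - gw)
```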
You may also want to leverage (not necessarily to solve the issue at hand): https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
@PhoneBoy I completed the configuration as in sk157493 but it did not work yet; is there a command I can use to reset the DNS cache without rebooting the Gateway?
[Expert@# fw tab -t dns_reverse_cache_tbl
localhost:
-------- dns_reverse_cache_tbl --------
dynamic, id 169, num ents 0, load factor 0.0, attributes: keep, expires 1, , has hsize 512, limit 50000
[Expert@]#
If that was your output of fw tab -t dns_reverse_cache_tbl, then there are no entries in it; otherwise it would list entries in that table.
Here are a couple of things I suggest before opening a TAC case if you haven't already:
- verify that WSDNSD process is up and running by running the following command: cpwd_admin list
- In case WSDNSD is not running run the following command to turn it on: cpwd_admin start -name WSDNSD -path "$CPDIR/bin/wsdnsd" -command "wsdnsd"
- See if there are any messages in $FWDIR/log/wsdnsd.elg
- See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Good morning @PhoneBoy, thanks for your support and fast response. I verified, and the WSDNSD service is running; is there a command to clear the DNS cache from the security gateway CLI?
[Expert@]# cpwd_admin list | grep WSDNSD
WSDNSD 14061 E 1 [17:59:14] 18/8/2021 Y wsdnsd
[Expert@0]#
Were you able to use domains_tool against the domain in the object and the dropped IP address/addresses in the logs? That tool is very helpful for gaining insight into issues with domain objects.
Hello @mcatanzaro, I've been trying with domains_tool (sk161632) without success.
When I tried to see a list of all domains that belong to the Updatable Object 'smtp.office35.com' when it is used in the policy, with the following command:
domains_tool -uo "smtp.office35.com"
I get this output:
[Expert@]# domains_tool -uo "smtp.office35.com"
The updatable object smtp.office35.com not found
]#
Also for system troubleshooting i get the below output:
Expert@]# domains_tool -report
ERROR: wrong number of arguments
[Expert@]#
Could you or anyone guide me on what I'm missing? Any other recommendations are welcome.
Many thanks!
I've been reading about this, and it seems it's an old issue and I can't find a solution yet. It seems that Domain Objects should only be used when they resolve to one IP address and not multiple IPs. Is there any other object I should use for multiple IPs to try to resolve this issue?
It should work if the DNS resolves to multiple IPs.
Sounds like you should get the TAC involved if you haven't already.
Same issue here. I guess it will never be fixed?
100% works in R81.20
Andy
