Hello,
I made a test rule to allow one server access to www.detik.com; I created a domain object with .detik.com
But I think the domain object is not working: the server still can't access www.detik.com, and ticking or unticking FQDN on the domain object does not help.
Does anyone know about this?
As you do not show the rule created and the object in detail it is very hard to help here. Did you follow https://support.checkpoint.com/results/sk/sk120633 ? Also read https://support.checkpoint.com/results/sk/sk90401
Yes, I already followed the reference article, and here I send my rule
Ticked or not, the rule is not working
Result :
And which rule does match and drop the traffic, cleanup rule? Why do you use Any service for the rule?
Yes, the traffic is dropped by the cleanup rule. Since I only need the server to access some websites, I set the service as 'Any'.
Is that wrong?
Non-FQDN objects require the ability to reverse-resolve the IP address to the relevant domain.
FQDN objects require a forward lookup on the relevant FQDN.
Have you confirmed the gateway can actually do this?
See also: https://support.checkpoint.com/results/sk/sk161632 (to troubleshoot)
Maybe also see if the following will help: https://support.checkpoint.com/results/sk/sk161612
Hello,
Yes, the gateway can do forward lookup.
When issuing the command domains_tool -d www.detik.com I got 'Domain is not attached to any IP address'
Recommend engaging with the TAC here: https://help.checkpoint.com
Is the source IP of the server also correct?
Recent policy install was done too? - Can check with "fw stat" on gateway.
Hi..
Yes, the policy is already installed. Also, I have another Check Point and I tested by issuing 'domains_tool -d www.detik.com'
and this Check Point shows the IP address of detik.com, but my 1st Check Point does not.
Did you already try 'domains_tool -report' from sk161632?
I got 'WSDNSD and DNS servers are not synchronized' when issuing 'domains_tool -report'
This can be fixed by the command below, right? Will this command cause downtime?
cpwd_admin stop -name WSDNSD -path "$FWDIR/bin/wsdnsd" -command "fw kill wsdnsd"; cpwd_admin start -name WSDNSD -path "$FWDIR/bin/wsdnsd" -command "wsdnsd"
Restart of WSDNSD only impacts DNS resolution of the firewall itself and no other traffic. If you have multiple domain-objects and updatable objects I would do it outside of business hours (except if all of them don't work, then it does not matter).
If it is just this one domain you can do it any time.
After restarting WSDNSD the domain object is now working, but I still have a question about domain objects.
I want to make a domain object for these URLs:
ussus1eastprod.blob.core.windows.net
ussus2eastprod.blob.core.windows.net
ussus3eastprod.blob.core.windows.net
ussus4eastprod.blob.core.windows.net
wsus1eastprod.blob.core.windows.net
wsus2eastprod.blob.core.windows.net
and I made a domain object with the name .blob.core.windows.net and FQDN not ticked. In my mind the domain object .blob.core.windows.net can discover all the URLs above, but when I check with the command domains_tool -d blob.core.windows.net I only get one IP address. Do you know why?
Because Domain Objects that aren't FQDN rely on reverse DNS to operate.
When I look up the IP I get for, e.g. wsus2eastprod.blob.core.windows.net, I get an NXDOMAIN (no record found) for the IP that it resolves to.
Recommend doing this with either a Custom Application/Site or put these hosts in a Network Feed in R81.20+.
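Added example (not part of the thread and not Check Point code): a Python check of the DNS precondition described in the replies above, that a non-FQDN domain object needs each IP to reverse-resolve into the domain. It assumes it is run against the same DNS servers the gateway uses; the function names and the sample records are constructed for illustration.

```python
import socket

def forward_lookup(host):
    """Return the sorted IPv4 addresses the local resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def reverse_lookup(ip):
    """Return the PTR name for ip, or None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (label-aligned)."""
    name = name.rstrip(".").lower()
    domain = domain.strip(".").lower()
    return name == domain or name.endswith("." + domain)

def check_host(host, domain, forward=forward_lookup, reverse=reverse_lookup):
    """Report whether host's addresses reverse-resolve into domain."""
    rows = []
    for ip in forward(host):
        ptr = reverse(ip)
        rows.append({"ip": ip, "ptr": ptr,
                     "ptr_in_domain": ptr is not None and in_domain(ptr, domain)})
    if not rows:
        verdict = "no forward record"
    elif all(r["ptr_in_domain"] for r in rows):
        verdict = "reverse DNS matches domain"
    else:
        verdict = "reverse DNS missing or outside domain"
    return {"host": host, "verdict": verdict, "addresses": rows}

# Constructed sample data (documentation address ranges, not real records).
SAMPLE_A = {"www.example.test": ["192.0.2.10"],
            "store1.blob.example.test": ["198.51.100.7"]}
SAMPLE_PTR = {"192.0.2.10": "www.example.test"}

def demo():
    fwd = lambda h: SAMPLE_A.get(h, [])
    rev = lambda ip: SAMPLE_PTR.get(ip)
    return [check_host("www.example.test", ".example.test", fwd, rev),
            check_host("store1.blob.example.test", ".blob.example.test", fwd, rev)]
```

Calling `check_host(host, domain)` without the last two arguments uses the system resolver; a host whose verdict is "reverse DNS missing or outside domain" is a candidate for the Custom Application/Site or Network Feed approach recommended above.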