This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Andrew_Larrick
Participant
‎2023-08-23 12:57 PM

GRE tunnel and DNS.

Hello All,   recently ran into a strange issue with a GRE tunnel and DNS.

We have an R81.10 cluster building a GRE tunnel to a VSX virtual system.  The GRE tunnel itself appears to be working fine.   We can ping across the tunnel and even get to websites ( http and https ) through the tunnel if we use the sites IP address.  DNS however......

Our firewall logs show that all the GRE traffic from the cluster to the VSX GRE peer is being nat'd to the cluster VIP.    However, a TCPdump on the interface facing the peer shows that DNS traffic is not being translated to the VIP address, yet everything else is.   Since it's not NATing to the Cluster VIP, the peer is trashing it.   

We have tried to add a manual NAT rule, but that doesn't have an effect either.  We have even translated the port to something else and with a rule on the peer to translate it back, but it still sends as the cluster members real IP.

Any thoughts as to why it's treating DNS differently?  Any ideas how to fix it?


TIA

 

Drew

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2023-08-23 03:18 PM

Sounds like you need a TAC case here: https://help.checkpopint.com 

0 Kudos
the_rock
Legend
Legend
‎2023-08-23 03:28 PM

Just curious, NAT rule you mention was added, do you even see any hits on it at all?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top