This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ryan_Ryan
Advisor
‎2023-09-24 03:59 PM

domain objects not always working

Hi guys,

 

we have a policy with about 400 FQDN's in it (all FQDN, non are wildcard) R80.40 gateway, R81.10 Manager

 

Strangely sometimes they do match, using domain tools -d and -ip i can confirm both the source and dest rule are matchings the IP addresses I am seeing in the logs but the traffic is still dropped on the cleanup rule. I would say we have about 90% success rate and 10% failure, rate, often its within the same rule that some traffic will match and some will not (can't find any pattern)

 

I am wondering if there is some sort of cache limit we might be hitting? 

 


fw tab -t dns_reverse_unmatched_cache -u -f
Using cptfmt
Formatting table's data - this might take a while...

-------- dns_reverse_unmatched_cache --------
htab_bl, id 7, size 28672, attributes: expire, no links, #vals 0 #slinks 0

 

fw ctl multik print_bl dns_reverse_cache_tbl
-------- dns_reverse_cache_tbl --------
htab_bl, id 8, size 28672, attributes: expire, no links, #vals 417 #slinks 0

0 Kudos
3 Replies
the_rock
Legend
Legend
‎2023-09-24 07:11 PM

Had customer with similar issue last year and TAC suggested cloudguard stop and cloudguard start commands on mgmt server and that fixed it. I cant quite connect the dots as to how logically that worked, but it did.

Andy

0 Kudos
Ryan_Ryan
Advisor
‎2023-09-24 09:31 PM
In response to the_rock

thanks was worth a shot, but still doesn't work. 

 

I did find sk145952 (although resolved)  talks about some limitations when domains resolve to the same Ip, we definitely have that, and some IP resolving to multiple domains, but all our rules are allow so I don't think this is relevant.

0 Kudos
the_rock
Legend
Legend
‎2023-09-25 04:44 AM
In response to Ryan_Ryan

Ok, understood. Yea, if you are on R80.40, I doubt that sk applies.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events