This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
gcarella
Participant
‎2021-07-23 10:06 AM
Jump to solution

How to edit hosts file on Quantum Spark 1590 Appliance

Hi all,

 

I have a simple question to ask to the community. How I can set permanently an entry on the hosts file of the firewall?

My setup is a 1590 Quantum Spark appliance running R80.20.25.

I need to resolve a specific FQDN into a specific IP and not using public DNS servers.

There is no way to do this from GUI, also clish commands are not working or accepted.

So I've tried to edit /etc/hosts file in expert mode, but any change is overwritten automatically after some time. When I write inside /etc/hosts file an entry, this works only for some time. After a while it's overwritten and deleted reverting back the file to default.

 

Any idea?

 

Thank you,

Gianluigi Carella

 

0 Kudos
1 Solution

Accepted Solutions
Tom_Hinoue
Advisor
Advisor
‎2021-07-27 08:19 PM
In response to gcarella
Jump to solution

Do you have [Enable DNS Proxy] and [Resolve Network Objects] checked in global DNS settings?

Also not to forget to check [Allow DNS server to resolve this object name] on your network object, and it should work.

netobj_dns.png

View solution in original post

11 Replies
PhoneBoy
Admin
Admin
‎2021-07-24 01:30 PM
Jump to solution

Editing certain underlying Unix files like that is not supported.
You need to create a specific object for that FQDN either in the WebUI or via the add host CLI command.

0 Kudos
gcarella
Participant
‎2021-07-26 05:32 AM
In response to PhoneBoy
Jump to solution

OK but I've tried using a network object and it doesn't work.

When I try to ping the FQDN the IP is resolved with the public IP and not the private one that I have explicitly configured in the network object.

 

What I'm doing wrong?

 

Thanks.

 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-07-26 08:55 AM
In response to gcarella
Jump to solution

Is an entry being created in the /etc/hosts file when you create the object?
It is for me when I do it on R80.20.30 firmware anyway.

13D8F8A0-7081-4560-97E8-11CC75C91D78.jpeg

0 Kudos
gcarella
Participant
‎2021-07-27 07:38 PM
In response to PhoneBoy
Jump to solution

tried many times, but /etc/hosts doesn't reflect what I've configured as network object.

0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2021-07-27 08:19 PM
In response to gcarella
Jump to solution

Do you have [Enable DNS Proxy] and [Resolve Network Objects] checked in global DNS settings?

Also not to forget to check [Allow DNS server to resolve this object name] on your network object, and it should work.

netobj_dns.png

gcarella
Participant
‎2021-07-29 05:25 AM
In response to Tom_Hinoue
Jump to solution

Yeah. This works for me. The solution was for all this time under my eyes.

0 Kudos
Check07090
Participant
‎2023-01-02 02:05 AM
In response to gcarella
Jump to solution

After doing  [Enable DNS Proxy] and [Resolve Network Objects] checked in global DNS settings and [Allow DNS server to resolve this object name] on network object, do we still need to make the entries in /etc/hosts file...? Or only making these settings on firewall level only will resolve the DNS since after these settings on firewall level only, I am not able to ping the network object from my desktop while in firewall DNS lookup, object is resolving the IP...

Can any one plz help here...

Preview file
13 KB
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-01-02 03:58 AM
In response to Check07090
Jump to solution

No, entries in firewall  /etc/hosts file are defined in WebGUI. Did you look at the hops ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Check07090
Participant
‎2023-01-02 05:12 AM
In response to G_W_Albrecht
Jump to solution

While checking by tracert in command prompt it is showing as 'Unable to resolve target system name xyz.in' 😕

0 Kudos
Check07090
Participant
‎2023-02-19 06:09 AM
In response to G_W_Albrecht
Jump to solution

I just got it work... Since I have manually entered the Google DNS (8.8.8.8) on end user nodes that's why it was not resolving the network objects of CP firewall. Now I mentioned the gateway address in DNS and it starts working...😃

If I don't mention the gateway address in DNS on end user node on ethernet then it doesn't work. Please suggest that mentioning the gateway address in DNS on end user node ethernet is good idea ...?

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-02-19 07:05 AM
In response to Check07090
Jump to solution

Setting the gateway LAN IP in the client DNS settings is a requirement for DNS proxy to work, correct.

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events