Thomas_Eichelbu
Advisor

Is there a way to create a bypass/exception for DNS Sinkhole?

Hello Check Mates

Is there a way to create a bypass/exception for DNS Sinkhole?

Sometimes we run into some special scenarios when running DNS Sinkhole.
The good thing is, this feature works great, but sometimes too great.

 

For example:
Some customers are conducting Phishing Awareness trainings; they send out specially crafted training emails and teach their personnel not to click on any of those funny links.
With DNS Sinkhole in place this never works; it always kills the DNS request.
For some special DNS resources we will need exclusions to allow them, even when Check Point is convinced these resources are highly infected and super evil ...

Has someone ever run into these?

best regards

2 Replies
Chris_Atkinson
Employee

Normal exceptions for the site/domain on your TP rule should do the trick?

Refer: https://community.checkpoint.com/t5/Threat-Prevention/DNS-Reputation-Exception/m-p/55745

CCSM R77/R80/ELITE
Timothy_Hall
Legend

Probably the best way to do this is to first define a Custom Application/Site object that has the site name/URL of the legit phishing server in it. Then create a global TP exception and in the Protection/Site/File/Blade column select "User Applications", and then select the custom site name you made. Next set the Action of the new exception to Detect or Inactive. This should exclude any enforcement against that site name and would definitely work for the five TP blades, but the Malware DNS trap is kind of in its own little world to some degree and this exception may not work properly. You'll have to try it and see what happens.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
