This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chris4Checkmate
Explorer
‎2023-11-20 06:54 AM
Jump to solution

Malware dns trap exception for locally-hosted public nameservers?

Hi,

in my knowledge the feature <Malware DNS Trap> returns a bogus ip in the dns reply packet if the requested fqdn is listed as infected. This is a great feature for protecting local customers/clients.

But we are also hosting a public nameserver (behind) the same Checkpoint firewall instance. We do not want that the dns-replies of our locally-hosted public nameserver are also manipulated for the whole internet.
In my opinion the decision which fqdn is bad should be done by each individual customer and not by any public name server for the whole internet.

Is there any possibility to disable the <Malware DNS Trap> feature for specific target-addresses (like our public nameserver)? Or is there any other solution beside disabling this feature completely (or installing separate firewalls)?

Regards,
Chris

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-11-20 03:24 PM
Jump to solution

This feature is designed to protect internal DNS servers.
However, you can effectively "disable" this by using the fast_accel feature for DNS traffic to this specific host: https://support.checkpoint.com/results/sk/sk156672

View solution in original post

1 Reply
PhoneBoy
Admin
Admin
‎2023-11-20 03:24 PM
Jump to solution

This feature is designed to protect internal DNS servers.
However, you can effectively "disable" this by using the fast_accel feature for DNS traffic to this specific host: https://support.checkpoint.com/results/sk/sk156672

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events