
High Rate of DNS failures with SMTP Gateway

Question asked by Justin Hickey on Sep 25, 2017
Latest reply on Sep 26, 2017 by Justin Hickey

We have Proofpoint for SMTP protection services. Ever since implementing Check Point we've seen this error message from Proofpoint:


Reputation Query DNS Error
PPS is encountering a high rate of failures when querying DNS to discover the Proofpoint reputation servers
[2017-09-25 11:12:04.221209 -0400] err src=filter eid=eid.filter.prs.locate mod=dns resolver=prs err="Connection timed out"

Proofpoint can and does query DNS records for all sorts of malicious domains and websites, and I do see some messages in the logs about Check Point detecting, but allowing, malicious DNS requests.


"Connection was allowed because background classification mode was set. See sk74120 for more information."


But I also see a smattering of 'First packet isn't SYN' drops from Proofpoint to our DNS server. This out-of-state stuff to me was always an indication of an upstream drop.


Anyway, I don't know what to make of it, but I can't seem to find a way to exclude Proofpoint from DNS reputation checks, only individual Protection Names, i.e. Phishing ddjngz. I kind of need Proofpoint to do its job without Check Point interference. We never had this issue on previous Juniper firewalls.


Any assistance is appreciated. Thanks,
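The PPS line quoted in the post has a simple key=value shape, so it is easy to quantify "high rate of failures" before blaming the firewall. The following is an added example, not code from the original post, from Proofpoint or from Check Point: a small Python parser for that line format that counts reputation-server lookup timeouts per minute, flags minutes over a threshold, and separates timeouts from other DNS errors. The sample log lines are constructed (the timestamps other than the first and the "Name or service not known" line are hypothetical), and the threshold of 3 per minute is an illustrative value, not a Proofpoint setting.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the shape of the PPS filter log line quoted in the post.
# Only the first line is from the post; the later timestamps and the
# "Name or service not known" line are hypothetical, added to show a
# non-timeout DNS error being separated from the timeouts.
SAMPLE_LOG = """\
[2017-09-25 11:12:04.221209 -0400] err src=filter eid=eid.filter.prs.locate mod=dns resolver=prs err="Connection timed out"
[2017-09-25 11:12:09.004100 -0400] err src=filter eid=eid.filter.prs.locate mod=dns resolver=prs err="Connection timed out"
[2017-09-25 11:12:31.310000 -0400] err src=filter eid=eid.filter.prs.locate mod=dns resolver=prs err="Connection timed out"
[2017-09-25 11:12:50.777000 -0400] err src=filter eid=eid.filter.prs.locate mod=dns resolver=prs err="Name or service not known"
[2017-09-25 11:13:02.120000 -0400] err src=filter eid=eid.filter.prs.locate mod=dns resolver=prs err="Connection timed out"
"""

# "[timestamp] level key=value key="quoted value" ..."
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?P<level>\S+)\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one PPS-style line into {'ts': datetime, 'level': str, 'fields': {key: value}}.

    Returns None for lines that do not match the format, so callers can skip them.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The quoted timestamp carries microseconds and a numeric UTC offset.
    ts = datetime.strptime(m.group('ts'), '%Y-%m-%d %H:%M:%S.%f %z')
    fields = {}
    for kv in KV_RE.finditer(m.group('rest')):
        key, quoted, bare = kv.groups()
        fields[key] = quoted if quoted is not None else bare
    return {'ts': ts, 'level': m.group('level'), 'fields': fields}


def timeouts_per_minute(lines, eid='eid.filter.prs.locate', err='Connection timed out'):
    """Count reputation-server lookup timeouts per minute, keyed 'YYYY-MM-DD HH:MM'."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        f = rec['fields']
        if f.get('eid') == eid and f.get('err') == err:
            counts[rec['ts'].strftime('%Y-%m-%d %H:%M')] += 1
    return dict(counts)


def high_rate_minutes(lines, threshold):
    """Minutes in which the timeout count reached the (illustrative) threshold."""
    return sorted(minute for minute, n in timeouts_per_minute(lines).items() if n >= threshold)


def error_breakdown(lines):
    """Count error lines by (eid, err) so timeouts can be told apart from other DNS errors."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec['level'] == 'err' and 'err' in rec['fields']:
            counts[(rec['fields'].get('eid'), rec['fields']['err'])] += 1
    return dict(counts)


if __name__ == '__main__':
    lines = SAMPLE_LOG.splitlines()
    print(timeouts_per_minute(lines))
    print(high_rate_minutes(lines, threshold=3))
    print(error_breakdown(lines))
```

Feed it the real filter log instead of SAMPLE_LOG and line the flagged minutes up against the firewall's 'First packet isn't SYN' and background-classification log timestamps; if the timeout spikes coincide with those entries, the firewall path is the place to look, and if they do not, the problem is more likely the resolver or upstream.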
