- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hello everyone,
there are serveral gateways 80.40. I've configured some policies with Domain Names. Almost on all FW it works, but doesn't work on one Gateway. It is resolved by gateway, but does not pass through the FW. What is wrong and how to fix it? Thank you!
Have You been trying Updateable objects?? From my experience it works much more deterministic then working with DomainName object for MS.
Also you can list or check what domain or what ip object is included using domains_tool:
Tick the FQDN box on that object.
Otherwise, it's a classic Domain object, which actually requires reverse DNS resolution of the IP address(es) in question.
Those IP addresses do not have a reverse DNS entry, at least as far as I know.
Hello @PhoneBoy
thank you for your answer. It did help, but only for some names:
Test-NetConnection -ComputerName mscrl.microsoft.com -port 80
ComputerName : mscrl.microsoft.com
RemoteAddress : 152.199.19.160
RemotePort : 80
InterfaceAlias : Ethernet0
SourceAddress : 192.168.30.4
TcpTestSucceeded : True
But here is still doesn't work:
Test-NetConnection -ComputerName crl.microsoft.com -port 80
WARNING: TCP connect to (87.123.248.82 : 80) failed
WARNING: TCP connect to (87.123.248.32 : 80) failed
WARNING: Ping to 87.123.248.82 failed with status: TimedOut
WARNING: Ping to 87.123.248.32 failed with status: TimedOut
ComputerName : crl.microsoft.com
RemoteAddress : 87.123.248.82
RemotePort : 80
InterfaceAlias : Ethernet0
SourceAddress : 192.168.30.4
PingSucceeded : False
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : False
from my home PC it works:
Test-NetConnection -ComputerName crl.microsoft.com -port 80
ComputerName : crl.microsoft.com
RemoteAddress : 89.27.241.11
RemotePort : 80
InterfaceAlias : Ethernet
SourceAddress : 192.168.178.112
TcpTestSucceeded : True
Further to @PhoneBoy suggestion are all gateways running the same JHF level, are the clients also using the same DNS as the gateway?
Hello @Chris_Atkinson ,
thank you for your answer. Yes, all gateways are the same. We have updated them recently.
No, the clients and gateways are using different DNS, but this isn't a problem for the other gateways
These objects only work properly if the DNS servers used by the clients and gateway produce the exact same results.
The easiest way to ensure this is to have the gateways and clients use the same DNS resolver.
Have You been trying Updateable objects?? From my experience it works much more deterministic then working with DomainName object for MS.
Also you can list or check what domain or what ip object is included using domains_tool:
thank you! this is the easiest way!
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 22 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 2 | |
| 2 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY