In order to allow domain based objects through a Check Point firewall we need to understand how the domain objects actually work. When a packet hits a rule with a domain based object the Check Point does a reverse DNS lookup on the IP address against the domain object to see if they match, and if not the packet is dropped. Not only can this cause a number of issues but it can cause massive performance implications (for further details see sk41632).

Below takes a closer look at this process. When a packet hits a rule containing a domain based object the firewall queries the PTR record for the packet's IP to see if it matches the domain name provided in the domain object. Below you can see the DNS process of a domain object using.

Now this can cause problems if the PTR record doesn't match the domain name of the A record, as the Check Point firewall will drop the traffic believing that the destination you are trying to reach isn't that of the domain object.
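The following script is an added example, not Check Point code, that mirrors the decision described above so an administrator can audit a domain object before relying on it: for each address a hostname resolves to, reverse-resolve the IP and accept only if the PTR name falls inside the domain object's domain. The DNS records are constructed tables so the script runs offline (a `live_ptr_lookup` using `socket.gethostbyaddr` is included but not used by the demo); the assumption that the firewall matches the PTR name by domain suffix, the leading-dot form of the domain object, and all addresses and names are the example's own.

```python
import socket
from typing import Callable, Dict, List, Optional

# Constructed DNS data standing in for the resolver so the example runs offline.
# 198.51.100.0/24 is a documentation range; the names are made up.
CONSTRUCTED_A_RECORDS: Dict[str, List[str]] = {
    "www.example.com": ["198.51.100.10", "198.51.100.20", "198.51.100.30"],
}
CONSTRUCTED_PTR_RECORDS: Dict[str, Optional[str]] = {
    "198.51.100.10": "www.example.com.",         # PTR agrees with the A record
    "198.51.100.20": "edge-20.cdnprovider.net.",  # PTR names the CDN, not the domain
    "198.51.100.30": None,                        # no PTR record at all
}

PtrLookup = Callable[[str], Optional[str]]


def constructed_ptr_lookup(ip: str) -> Optional[str]:
    """Offline stand-in for a reverse lookup; None means no PTR record."""
    return CONSTRUCTED_PTR_RECORDS.get(ip)


def live_ptr_lookup(ip: str) -> Optional[str]:
    """Real reverse lookup through the host resolver (not used by the offline demo)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def normalise(name: str) -> str:
    """Lower-case and strip the trailing dot that PTR answers carry."""
    return name.rstrip(".").lower()


def domain_object_matches(ip: str, domain_object: str,
                          lookup: PtrLookup = constructed_ptr_lookup) -> bool:
    """Mirror the firewall's check: reverse-resolve the packet IP and accept only if
    the PTR name is the domain object's domain or a host within it. Suffix matching
    is this example's assumption; the page only says the PTR must match the domain."""
    ptr = lookup(ip)
    if ptr is None:
        return False  # no PTR at all: the firewall cannot match, so the packet drops
    ptr_name = normalise(ptr)
    domain = normalise(domain_object).lstrip(".")  # ".example.com" -> "example.com"
    return ptr_name == domain or ptr_name.endswith("." + domain)


def simulate_rule(dest_ip: str, domain_object: str,
                  lookup: PtrLookup = constructed_ptr_lookup) -> str:
    """Verdict the rule would produce for one destination IP."""
    return "accept" if domain_object_matches(dest_ip, domain_object, lookup) else "drop"


def audit_hostname(hostname: str, domain_object: str,
                   forward: Dict[str, List[str]] = CONSTRUCTED_A_RECORDS,
                   lookup: PtrLookup = constructed_ptr_lookup) -> Dict[str, str]:
    """For every A record of the hostname, report whether its PTR would pass the
    domain object check. Any 'drop' here is traffic the firewall will silently lose."""
    return {ip: simulate_rule(ip, domain_object, lookup)
            for ip in forward.get(hostname, [])}


if __name__ == "__main__":
    for ip, verdict in audit_hostname("www.example.com", ".example.com").items():
        print(f"{ip:15} PTR={CONSTRUCTED_PTR_RECORDS[ip]!s:28} -> {verdict}")
```

Running the script shows the failure mode the post describes: only the address whose PTR points back into example.com is accepted, while the CDN-fronted address and the address with no PTR are dropped even though the forward A record lists all three. Swapping `constructed_ptr_lookup` for `live_ptr_lookup` turns this into a pre-deployment check against real DNS.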