|
|
sofaware.infopop.cc SofaWare Discussion Groups SmartCenter Management split dns and site-to-site vpn|
Go
|
New
|
Find
|
Notify
|
Tools
|
Reply
|
|
|
Junior Member |
Has anyone else noticed that having securemote dns server (split dns) defined for main site in SmartDashboard seems to force Edge to redirect certain dns requests also with site-to-site VPNs according to that configuration?
One customer is in the middle of a dns server address change. They don't use Securemote anymore but the FW-1 still had settings left over from that era. I could see in tcpdump/traffic logs that client sent requests to certain server but after Edge they were going elsewhere. Man did I wreck my brain with this one... changing the dns server in the SmartDashboard or removing it completely solved the problem, of course. Or is this by design? I thought split dns would've only affected client VPNs. |
||
|
|
Junior Member |
Hi,
you are lucky to have no more SecuRemote access. At one of our customer's site we need SecuRemote DNS for SecuRemote access as well as Edges as Satellites in a Star Community. These Edges also translate DNS requests to domains configured in SecuRemote DNS Server, so only one internal DNS can be asked. There is no redundancy for DNS, even if the clients behind an Edge have 2 DNS servers in the center network configured in their Windows. If the main DNS of the internal network is down, there is no DNS for the configured domains at the satellite sites. I don't think this is by design (?) Best regards, Matthias |
|||
|
|
Junior Member |
Are you able to use Officemode? That would give you several dns and wins servers to the clients... at least with normal FW-1. I'm not sure how it works with Edges - haven't really looked at CP's client vpn stuff lately. This one dns server limit is kinda strange but perhaps CP wants people to switch to Officemode or something. Regards, Hannu |
|||
|
|
Junior Member |
Hi Hannu,
the customer doesn't have a license for SecureClient, so OfficeMode is not possible. Sure, Check Point wants people to switch to OM ;-) It's escalated to Check Point support now, since this behaviour of a VPN-1 Edge is not really as expected in a site-to-site VPN. Best regards, Matthias |
|||
|
|
Junior Member |
Hi,
a solution is now in Check Point SecureKnowledge, see sk32228. Best regards, Matthias |
|||
|
| Previous Topic | Next Topic | powered by eve community |
 | Please Wait. Your request is being processed... |
|
|||
| Site | sofaware.infopop.cc | ||
| Servlet | eve2da005 | ||
| Version | 1.2.22 build 9062 | ||
| Module | Forums 4.0.3 | ||
| Stylesheet | "SofaWare Forums" | ||
| Wordlet Set | "Default Wordlet Set" | ||
|
sofaware.infopop.cc SofaWare Discussion Groups SmartCenter Management split dns and site-to-site vpn | View $GS_USERNAME's Public Profile |
| Add $GS_USERNAME to my Buddies |
| Add $GS_USERNAME to my Ignore List |
| View Recent Posts by $GS_USERNAME |
| Notify me of New Posts by $GS_USERNAME |
