Dynamic dns and Checkpoint

[suderman]

Hello

I'd like to ask about dynamic dns update issue and Checkpoint firewall that is preventing it ... at least I suppose it's Chckpoint's fault.

We use Checkpoint R55 (SecurePlatform) to route traffic between part of vlans in our network (HSZ, DMZ).
When the traffic is going through Checkpoint firewall client machines do not register in Dns forward lookup zone, they're registering in reverse lookup zone only.
I search in logs for a traffic that is blocked but didn't find anything interesting.

For vlans that are not filtered by Checkpoint (DFZ) there is no problem.
Dns Server (Windows 2003) is also in DFZ.

Do You know if something must be set on Checkpoint to let it pass ?

Any idea appreciated.

Thanks.

 

[FWHATER]

R55 came in a few different flavors. R55W had some issues. It dropped rpc packets, which is vital to dns. There was also R55P as well. Find out which one you have. If you have applied the latest HFA and it doesn't help, try building another fw using splat, only this time using a later version like R60. You may be surprised to find that your problem has magically disappeared.