The domain objects are not a good way to be used through the rulebase for "Source" or "Destination", they get cached and the rule will take longer to be processed during the initial resolving. Maybe configuring a local network DNS or even caching server on the module will make it resolve a little faster. You need to use "Dynamic Objects" if you want the domain names to be resolved through the rulebase. That works.
On 10/3/05, "Berg-Olsen, Børge" <[EMAIL PROTECTED]> wrote: > > Gurus of the list, > > I have trouble understanding how the domain network objects work - or do > they? Whenever I try to use one of these objects in the rulebase every rule > in the rulebase seems to stop working and the firewall drops / blocks all > traffic. First I thought it was on the account of slow DNS lookups, but it > now I have doubts as I am doing the exact same thing on my testbed and the > same strange thing happens there. > > I have created a domain network object that contains .windowsupdate.com > which I have put as one of the last rules in the rulebase. > > Rule is as follows: > > Any | .windowsupdate.com | Any | Accept | Log > > Platform is Nokia IPSO 3.7.1 CheckPoint NG AI RG55 HFA#14 with a W2K > server as the management station. > > What am I missing? > > Cheers, > > Børge Berg-Olsen > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
