I guess you are looking for a http_resource solution. I think this is the only way to resolve urls for use in access lists. Have a look to them.
________________________________ From: Mailing list for discussion of Firewall-1 on behalf of Delava = Alain Sent: Thu 09/02/2006 10:10 To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM Subject: [FW-1] NGX, dynamic object resolution problem Hello there, I have an NGX cluster (R60 HFA2 on SPLAT) in active/active load sharing with ClusterXL and my problem is the following: When trying to use dynamic objects (such as "microsoft.com" or "www.google.com" for example), an 'accept & log' rule does not work. I have found that an error message appears in the Tracker each time I want to use the rule (i.e. when I initiate a connection through the fw) : [!] origin : FWCLUNODE1 product : vpn-1 pro/express interface : daemon type : alert information : "reason: failed to resolve dynamic object: 257" I have therefore checked the my two cluster nodes (as well as the smart centre) can resolve DNS names, which is the case (nslookup in expert mode works well). But a tcpdump on both nodes while attempting to connect (--> triggering the "use" of the rule with a dynamic object) does not show anything ; i.e. it is as if the enforcement module cluster nodes do not issue a DNS query at all. [Nevertheless I don't know if CP's behaviour is really to make a DNS query each time you use a rule with a dyn obj]. I've not found anything about this error message in the Secure Knowledge... Can anyone help on this issue? Thanks -- Alain ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
