Thank you ; I got another answer that helpded me : I was confusing dynamic objects with domain objects. With domain objects it works as expected, my problem is solved.
Kind regards Alain > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf > Of Javier Hijas > Sent: Friday, February 10, 2006 11:48 AM > To: [email protected] > Subject: Re: [FW-1] NGX, dynamic object resolution problem > > I guess you are looking for a http_resource solution. I think this is > the only way to resolve urls for use in access lists. Have a > look to them. > > ________________________________ > > From: Mailing list for discussion of Firewall-1 on behalf of Delava = > Alain > Sent: Thu 09/02/2006 10:10 > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM > Subject: [FW-1] NGX, dynamic object resolution problem > > > > Hello there, > > I have an NGX cluster (R60 HFA2 on SPLAT) in active/active > load sharing > with ClusterXL and my problem is the following: > > When trying to use dynamic objects (such as "microsoft.com" or > "www.google.com" for example), an 'accept & log' rule does not work. > > I have found that an error message appears in the Tracker each time I > want to use the rule (i.e. when I initiate a connection > through the fw) > : > > [!] > origin : FWCLUNODE1 > product : vpn-1 pro/express > interface : daemon > type : alert > information : "reason: failed to resolve dynamic object: 257" > > I have therefore checked the my two cluster nodes (as well as > the smart > centre) can resolve DNS names, which is the case (nslookup in expert > mode works well). > > But a tcpdump on both nodes while attempting to connect (--> > triggering > the "use" of the rule with a dynamic object) does not show anything ; > i.e. it is as if the enforcement module cluster nodes do not > issue a DNS > query at all. [Nevertheless I don't know if CP's behaviour is > really to > make a DNS query each time you use a rule with a dyn obj]. > > I've not found anything about this error message in the Secure > Knowledge... > > Can anyone help on this issue? > > Thanks > -- > Alain > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
