10-03-2003 09:47 AM - edited 03-09-2019 05:01 AM
I have a client that has a Check Point firewall.
They were considering switching however there is one feature that is a must.
One feature they are using is called DNS rewrite.
For example.
Microsoft has a mail server and mail comes in as @microsoft.com. With the rewrite microsoft could also have an MX record for a misspelling like @mcrosoft.com. Now instead of 10,000 users having two mail addresses the Check Point firewall will rewrite the domain as @microsoft.com.
Does the PIX have a similar funtionality? Is that the DNS rewrite? If so does anyone have any information?
A search on Cisco.com doesn't bring up much for "DNS rewrite"
10-05-2003 09:09 PM
Iam afraid this is not supported. You will need a work-around. I suggest working with DNS/MAIL admin to have all misspelled domains configured with same MX record in DNS. (this probably already done) And creating domain aliases on the MAIL server to the real domain "microsoft.com". It would be less CPU intensive if you go with aliases rather than rewriting every SMTP with new domain on a firewalls.
10-06-2003 06:05 AM
Thank you but they won't go that way. One deciding factor when they purchased the Check Point Firewall was this feature. It really has no impact on the CPU of the Firewall to have the rewrites. The misspelling is few and far between, however it is necessary and they have no desire to add the aliases when there is an easy solution.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide