topic Re: Troubleshooting traffic being blocked based on IP - FQDN rules in Next-Generation Firewall Discussions

Troubleshooting traffic being blocked based on IP - FQDN rules

Luc_Desaulniers — Fri, 26 May 2023 19:46:28 GMT

Trying to find which FQDN object in my FQDN cache resolves to an IP.

show dns-proxy fqdn all | match <ip> shows me that it's in my cache, but doesn't show FQDN object name, so it doesn't really help.

I'm not sure if there's a way to dump this to a file or something or a more straight forward way to do this.

Any insights is appreciated.

Thanks

Re: Troubleshooting traffic being blocked based on IP - FQDN rules

Adrian_Jensen — Mon, 29 May 2023 02:51:44 GMT

"show dns-cache fqdn all" shows you all the address objects and their resolved IPs. Unfortunately, as you discovered, the object name and resolved addresses are on sequential lines... So if you use a "match" operator you only match the IP line, not the preceding object name line. Even more unfortunately, address objects are not displayed in any discernable order.. .so its even harder to find.

The only "easy" way I've found to do it is to do a "show dns-cache fqdn all" and paste the output into notepad, then find the IP from there and look at the preceding address object name. Alternatively you could probably query all the address objects via the API and filter/return a match, but you would need to write a script in your language of choice to do that.

Re: Troubleshooting traffic being blocked based on IP - FQDN rules

Luc_Desaulniers — Mon, 29 May 2023 19:58:38 GMT

Thanks Adrian, so far that's the conclusion I came to as well, which is kind of limited for the product in my opinion that's a lot of leg work for something that can happen regularly.