dnsproxy policy?

felixn — Thu, 03 Nov 2011 21:53:15 GMT

What allow policy is needed for granting access to the dnsproxy? - when I try and only allow some things like, dns, web-browsing etc. the dnsproxy stops working - and nothing in the logs

Thanks

Re: dnsproxy policy?

kalavi — Wed, 09 Nov 2011 06:32:21 GMT

Hi,

I am assuming that you actual DNS server is on another zone and you have configured one of your interface as your DNS proxy, that way to allow the DNS request to go through you would need only dns apart from web-browsing and ssl. Here is the test that I ran, Client is 192.168.59.99 and configured with PAN's interface IP 192.168.59.1 as DNS Proxy , whereas the interface is configured to point 4.2.2.2 as the actual server, here is what the session looks like fro client to the interface:

199 dns ACTIVE FLOW 192.168.59.99[56708]/L3-Trust/17 (192.168.59.99[56708])vsys1 192.168.59.1[53]/L3-Trust (192.168.59.1[53])

Here is the session from interface to 4.2.2.2:

193 dns ACTIVE FLOW NS 192.168.59.1[58288]/L3-Trust/17 (10.30.6.59[22005])vsys1 4.2.2.2[53]/L3-Untrust (4.2.2.2[53])

Both the sessions are identified as "dns". If you have same setup and you are having issues you should open a support case.

Thanks,

Khubaib

topic dnsproxy policy? in General Topics

dnsproxy policy?

Re: dnsproxy policy?