topic Re: How to prevent my firewall to stop responding to external DNS queries in General Topics

How to prevent my firewall to stop responding to external DNS queries

engreda22 — Mon, 21 Dec 2020 21:35:46 GMT

Hi ,

currently if anyone from public network uses the external IP of the firewall as a DNS server and try to send DNS query , my FW is responding to that queries which is high risk .

how to stop FW from responding to any DNS queries knowing that the DNS proxy is not configured and our DNS security subscription is expired .

Re: How to prevent my firewall to stop responding to external DNS queries

S.Cantwell — Mon, 21 Dec 2020 22:12:30 GMT

Good Day

Sounds like you have sinkhole functionality enabled under the Anti Spyware Profile.

Double check and advise.

I am also trying to determine why your config has the DNS server for your company pointed to the FW (as if perhaps DHCP is enabled on FW).. That can be confirmed by Network tab, then DHCP Server.

Else, you could try a test and manually configure a client to NOT use the FW (changing the DNS server on the computer)

Re: How to prevent my firewall to stop responding to external DNS queries

engreda22 — Tue, 22 Dec 2020 11:16:04 GMT

Thanks Steve for your response

Actually it is part of penetration testing like from public network we tried nslookup with our fw ip address and it responded .

Antispayware profile is not applied to any policy

Re: How to prevent my firewall to stop responding to external DNS queries

CoreHR — Tue, 22 Dec 2020 16:03:39 GMT

It will be responding because you haven't specifically blocked the traffic and intrazone traffic is allowed by default. Just set up a rule that blocks outside-to-outside traffic on UDP 53 and that should stop it.

I set up rules to deny all inbound traffic that isn't on the specific ports I'm expecting, just to reduce a bit of CPU load.

Re: How to prevent my firewall to stop responding to external DNS queries

engreda22 — Wed, 23 Dec 2020 17:53:00 GMT

Actually the issue raised only when the user is connected to VPN (like hotspot)

for any other situation it is not responding

so it something happens through the vpn tunnel only.

have you tried that ?

connected to any vpn (not corporate vpn) then do nslookup with external ip of your firewall and check if it will reply or not

Re: How to prevent my firewall to stop responding to external DNS queries

MP18 — Fri, 25 Dec 2020 05:10:43 GMT

@engreda22

As per my understanding your issue is that if someone does nslookup for the firewall public ip then it should not resolve right?

This depends on your DNS server where you have a host or A record entry for your firewall hostname and Public IP address.

It also depends if you have your firewall public IP used for VPN etc then you need your firewall need to resolve it.

In our company we have firewall public IP address that is used for natting and external connections coming from Internet to our public

facing apps but those IP does not resolve as we have our own DNS server with Internal and External Zone.

Also we have Global Protect VPN that has public IP address and that address gets resolve as we need that to make VPN work.

Also we have DNS entry for our firewall VPN hostname with Public IP address in our DNS External zone.

Let me know if you have any more questions.

Regards

Re: How to prevent my firewall to stop responding to external DNS queries

engreda22 — Sat, 26 Dec 2020 10:30:21 GMT

I did some testing and prove that the response is not happening by our firewall .

it is bad behavior from the vpn application.

thanks for all