How to prevent my firewall to stop responding to external DNS queries

L1 Bithead

Hi,

Currently, if anyone from the public network uses the external IP of the firewall as a DNS server and tries to send a DNS query, my FW responds to those queries, which is a high risk.

How can I stop the FW from responding to any DNS queries, given that DNS proxy is not configured and our DNS Security subscription has expired?


Accepted Solutions
L1 Bithead

Hi,

I did some testing and proved that the response is not coming from our firewall.

It is bad behavior from the VPN application.

Thanks, all.



All Replies
Cyber Elite

Good Day

 

Sounds like you have sinkhole functionality enabled under the Anti Spyware Profile.

Double check and advise.

 

I am also trying to determine why your config has the DNS server for your company pointed to the FW (as if perhaps DHCP is enabled on the FW). That can be confirmed under the Network tab, then DHCP Server.

Else, you could try a test and manually configure a client to NOT use the FW (changing the DNS server on the computer).

L1 Bithead

Thanks, Steve, for your response.

Actually, it is part of penetration testing: from the public network we tried nslookup with our FW IP address and it responded.

The Anti-Spyware profile is not applied to any policy.

L1 Bithead

It will be responding because you haven't specifically blocked the traffic and intrazone traffic is allowed by default. Just set up a rule that blocks outside-to-outside traffic on UDP 53 and that should stop it.

 

I set up rules to deny all inbound traffic that isn't on the specific ports I'm expecting, just to reduce a bit of CPU load.

L1 Bithead

Actually, the issue arises only when the user is connected to a VPN (like a hotspot).

In any other situation it is not responding,

so it is something that happens through the VPN tunnel only.

Have you tried that?

Connect to any VPN (not the corporate VPN), then do an nslookup with the external IP of your firewall and check whether it replies or not.
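The test the thread keeps coming back to (an nslookup against the firewall's external IP, first from the plain public network and then from behind a third-party VPN) is easier to reason about when it is scripted, because the same probe from both vantage points tells you whether the answer is coming from the firewall or from something in the VPN path. The following is an added example, not code from the thread or from Palo Alto Networks: a dependency-free DNS probe that builds a recursive A query, sends it to UDP/53 on the target, and decodes the reply header. Interpreting the flags matters for the finding: a NOERROR reply with answers and RA set from a public IP is an open recursive resolver, which is what makes the OP's "high risk" concern real (open resolvers get abused for amplification), whereas REFUSED or a timeout is what you want to see. The address 203.0.113.10 and the name example.com are assumptions.

```python
"""Probe whether a host answers DNS on UDP/53, and decode what it says.

Added example (not from the thread): a minimal DNS client so the nslookup
test the posters describe can be scripted from the public network and from
behind a consumer VPN and the two results compared. The target address and
query name are assumptions, not values from the original post.
"""
import random
import socket
import struct
from typing import Optional

QTYPE_A = 1
QCLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name: str, txid: int, qtype: int = QTYPE_A) -> bytes:
    """Build a standard recursive (RD=1) query for `name` in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: only RD set
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def parse_response(data: bytes, expected_txid: int) -> dict:
    """Decode the header of a DNS reply; raise ValueError if it is not a reply to us."""
    if len(data) < 12:
        raise ValueError("datagram shorter than a DNS header")
    txid, flags, qdcount, ancount, _nscount, _arcount = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stale or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    return {
        "rcode": RCODE_NAMES.get(flags & 0x000F, str(flags & 0x000F)),
        "questions": qdcount,
        "answers": ancount,
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "authoritative": bool(flags & 0x0400),        # AA bit
    }


def classify(result: Optional[dict]) -> str:
    """Turn a probe result into the finding a pentester would write down."""
    if result is None:
        return "no answer (filtered or no listener)"
    if result["rcode"] == "NOERROR" and result["answers"] > 0 and result["recursion_available"]:
        return "open recursive resolver (answers arbitrary names for anyone)"
    if result["rcode"] == "REFUSED":
        return "listener present but refuses queries"
    return f"responds: rcode={result['rcode']} answers={result['answers']}"


def probe(server_ip: str, name: str = "example.com", timeout: float = 3.0) -> Optional[dict]:
    """Send one query to server_ip:53; return None on timeout (the desired outcome here)."""
    txid = random.randrange(0, 0x10000)
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return None
    return parse_response(data, txid)


if __name__ == "__main__":
    import sys
    # Assumed firewall external IP; pass the real one on the command line.
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    print(target, "->", classify(probe(target)))
```

Run it from an outside host, then again from the same host connected to the consumer VPN; if only the second run gets an answer, the reply is being produced inside the VPN path rather than by the firewall, which is the conclusion the OP eventually reached. The transaction-ID check is what stops an unrelated or injected datagram from being mistaken for an answer from the target.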

Cyber Elite

@engreda22 

 

As per my understanding, your issue is that if someone does an nslookup for the firewall public IP then it should not resolve, right?

This depends on your DNS server, where you have a host or A record entry for your firewall hostname and public IP address.

It also depends on whether your firewall public IP is used for VPN etc.; then you need it to resolve.

In our company we have firewall public IP addresses that are used for NAT and for external connections coming from the Internet to our public-facing apps, but those IPs do not resolve, as we have our own DNS server with internal and external zones.

Also, we have GlobalProtect VPN that has a public IP address, and that address does get resolved, as we need that to make the VPN work.

Also, we have a DNS entry for our firewall VPN hostname with the public IP address in our DNS external zone.

 

Let me know if you have any more questions.

 

Regards

 

MP
