Currently, if anyone from the public network uses the external IP of the firewall as a DNS server and tries to send a DNS query, my FW responds to those queries, which is high risk.
How do I stop the FW from responding to any DNS queries, given that the DNS proxy is not configured and our DNS Security subscription is expired?
Sounds like you have sinkhole functionality enabled under the Anti Spyware Profile.
Double check and advise.
I am also trying to determine why your config has the DNS server for your company pointed to the FW (as if perhaps DHCP is enabled on the FW). That can be confirmed under the Network tab, then DHCP Server.
Otherwise, you could try a test and manually configure a client NOT to use the FW (by changing the DNS server on the computer).
Thanks Steve for your response.
Actually, it is part of penetration testing: from the public network we tried nslookup with our FW IP address and it responded.
The Anti-Spyware profile is not applied to any policy.
It will be responding because you haven't specifically blocked the traffic and intrazone traffic is allowed by default. Just set up a rule that blocks outside-to-outside traffic on UDP 53 and that should stop it.
I set up rules to deny all inbound traffic that isn't on the specific ports I'm expecting, just to reduce a bit of CPU load.
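To make the suggested fix concrete, here is an added example (not from any poster in this thread) that builds the outside-to-outside DNS deny rule as a PAN-OS XML-API "set" request. Everything beyond what the thread states is an assumption: the external zone is named "untrust", the firewall uses "vsys1", and the rule is pushed through the XML API with an API key. The rule matches the `dns` App-ID with `application-default` service (which covers UDP 53) rather than a raw port, so it also catches DNS over TCP 53.

```python
"""Build (and optionally push) a PAN-OS security rule that denies
outside-to-outside DNS, as suggested in the thread above.

Assumptions (not from the thread): the external zone is "untrust", the
vsys is "vsys1", and the firewall is managed via the XML API at
https://<mgmt-host>/api/ with an API key.
"""
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Assumed xpath of the vsys1 security rulebase (standard single-vsys layout).
RULES_XPATH = ("/config/devices/entry[@name='localhost.localdomain']"
               "/vsys/entry[@name='vsys1']/rulebase/security/rules")


def build_deny_dns_rule(name="deny-outside-dns", zone="untrust"):
    """Return the <entry> element for a deny rule: zone -> same zone, App-ID dns."""
    entry = ET.Element("entry", name=name)
    for tag, members in (("from", [zone]), ("to", [zone]),
                         ("source", ["any"]), ("destination", ["any"]),
                         ("source-user", ["any"]), ("category", ["any"]),
                         ("application", ["dns"]),
                         ("service", ["application-default"])):
        parent = ET.SubElement(entry, tag)
        for m in members:
            ET.SubElement(parent, "member").text = m
    ET.SubElement(entry, "action").text = "deny"
    # Log at session end so hits from an external nslookup test show up in the traffic log.
    ET.SubElement(entry, "log-end").text = "yes"
    return entry


def rule_to_xml(entry):
    """Serialise the rule element to the string the API expects in 'element='."""
    return ET.tostring(entry, encoding="unicode")


def rule_summary(entry):
    """Flatten the key fields of a rule element into a dict for review."""
    def members(tag):
        return [m.text for m in entry.find(tag).findall("member")]
    return {"name": entry.get("name"), "from": members("from"), "to": members("to"),
            "application": members("application"), "service": members("service"),
            "action": entry.findtext("action")}


def set_request_url(host, api_key, entry):
    """Build the XML-API config 'set' URL (type=config&action=set) for the rule."""
    params = {"type": "config", "action": "set", "key": api_key,
              "xpath": RULES_XPATH, "element": rule_to_xml(entry)}
    return f"https://{host}/api/?" + urllib.parse.urlencode(params)


def push_rule(host, api_key, entry, commit=False, verify_tls=True):
    """Send the set request and, if asked, a commit. Returns the raw API responses."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab units still on a self-signed management cert
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(set_request_url(host, api_key, entry), context=ctx) as r:
        result = r.read().decode()
    if commit:
        commit_url = f"https://{host}/api/?" + urllib.parse.urlencode(
            {"type": "commit", "cmd": "<commit></commit>", "key": api_key})
        with urllib.request.urlopen(commit_url, context=ctx) as r:
            result += r.read().decode()
    return result


if __name__ == "__main__":
    rule = build_deny_dns_rule()
    print(rule_summary(rule))
    print(rule_to_xml(rule))
    # push_rule("FIREWALL-MGMT-HOST", "API-KEY-PLACEHOLDER", rule, commit=True)
```

A rule added this way lands at the bottom of the explicit rulebase, above the implicit intrazone-default allow, which is what stops the reply; if an earlier, broader untrust-to-untrust allow exists, move this rule above it. After the commit, repeat the external nslookup from the thread and confirm the query now times out and a deny entry appears in the traffic log.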
Actually, the issue arises only when the user is connected to a VPN (like a hotspot);
in any other situation it is not responding,
so something happens through the VPN tunnel only.
Have you tried that?
Connect to any VPN (not the corporate VPN), then do nslookup with the external IP of your firewall and check whether it replies or not.
As per my understanding, your issue is that if someone does nslookup for the firewall public IP then it should not resolve, right?
This depends on your DNS server, where you have a host or A record entry for your firewall hostname and public IP address.
It also depends whether your firewall public IP is used for VPN etc.; in that case your firewall needs to resolve it.
In our company we have firewall public IP addresses that are used for NATting and for external connections coming from the Internet to our public-facing apps, but those IPs do not resolve, as we have our own DNS server with internal and external zones.
We also have GlobalProtect VPN that has a public IP address, and that address gets resolved as we need that to make VPN work.
We also have a DNS entry for our firewall VPN hostname with its public IP address in our DNS external zone.
Let me know if you have any more questions.