Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 27 subscribers
  • Views 3876 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I need someone to explain this for me?

rfcat_vk

Hi folks,

I am a little puzzled by a report in there XG GUI and more details in the report section. The issue is my wife MBP is shown as having been attacked by a control "nasty" using the DNS.

On my XG there are two firewall rules allowing users to access DNS, 1 in IP4 and the other in IPV6. The IP4 rule does not show any traffic. Does this mean the XG DNS proxy is not really a proxy?

Please see a report extract below.

Thank you

Ian



This thread was automatically locked due to age.
  • 0

    Basically you dont need a DNS Firewall policy because the DNS Server is setup by the ACL under Device access. 

    So if you enable for LAN DNS and your client is asking the XG to get a C2 Name of it, it will be shown as above. 

     

    Can you show us the advanced view of logviewer of this alert? 

  • 0 in reply to LuCar Toni

    Hi MBP,

    I will see if I can locate the log viewer entry. 

    The DNS rule shows no traffic, so that is why I am asking for an explanation.

    Ian

  • 0 in reply to rfcat_vk

    Hi MBP,

    update.

    I have deleted those DNS rules. I have not been able to locate any record for the reported device as actually performing a DNS lookup and hitting a firewall rule eg no DNS entries in log viewer which means all DNS look ups are with the LAN as managed by the XG.

     

    Ian 

  • 0 in reply to rfcat_vk

    Hi Ian,

     

    i am not able to follow you. 

    Your Clients are using the XG LAN interface as a DNS Server, right? 

    So if you disable the LAN to WAN Rule for DNS, it should still work, if you have tick the DNS service under device access? 

  • 0 in reply to LuCar Toni

    Hi MBP,

    Sometime back I was having issues with setting up the XG DNS, so I added firewall rules (IP4 and IPv6) with only DNS access allowed. I have resolved the issues and now all devices use the XG as their DNS. The issue I raised above is where one device that uses the XG only.

    I hope that clarifies the issue?

    Ian