I need someone to explain this for me?

Basically you dont need a DNS Firewall policy because the DNS Server is setup by the ACL under Device access. 

So if you enable for LAN DNS and your client is asking the XG to get a C2 Name of it, it will be shown as above. 

Can you show us the advanced view of logviewer of this alert? 

Basically you dont need a DNS Firewall policy because the DNS Server is setup by the ACL under Device access. 

So if you enable for LAN DNS and your client is asking the XG to get a C2 Name of it, it will be shown as above. 

Can you show us the advanced view of logviewer of this alert? 

Hi MBP,

I will see if I can locate the log viewer entry. 

The DNS rule shows no traffic, so that is why I am asking for an explanation.

Ian

Hi MBP,

update.

I have deleted those DNS rules. I have not been able to locate any record for the reported device as actually performing a DNS lookup and hitting a firewall rule eg no DNS entries in log viewer which means all DNS look ups are with the LAN as managed by the XG.

Ian 

Hi Ian,

i am not able to follow you. 

Your Clients are using the XG LAN interface as a DNS Server, right? 

So if you disable the LAN to WAN Rule for DNS, it should still work, if you have tick the DNS service under device access? 

Hi MBP,

Sometime back I was having issues with setting up the XG DNS, so I added firewall rules (IP4 and IPv6) with only DNS access allowed. I have resolved the issues and now all devices use the XG as their DNS. The issue I raised above is where one device that uses the XG only.

I hope that clarifies the issue?

Ian