Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 13 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 1155 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intermittent Internet Outage due to DNS error

Madni Malik

hi,
i have XG210 with V18 Mr5, my clients are in LAN zone and Domain controller/DNS is placed in DMZ. dns address of client end is domain
contorller. when user want to go to internet then 1st of all for dns resolution it goes DNS server placed in DMZ and then it. then it browse
from last few days i am facing that
there is intermittent Internet outage. it shows me that DNS probe error in browser. can you please guide me how to dig out that firewall is not
diturbing this traffic.



This thread was automatically locked due to age.

Top Replies

  • in reply to Madni Malik +3

    HI Madni ,

    If you closely look into the Drop packet logs :

    Date=2021-07-30 Time=13:57:33 log_id=0110021 log_type=Firewall log_component=Identity log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev=Port3 inzone_id=1 outzone_id=3 source_mac=4c:00:82:4a:e8:41 dest_mac=00:1a:8c:51:9c:3e bridge_name= l3_protocol=IPv4 source_ip=192.168.10.218 dest_ip=192.168.20.2 l4_protocol=UDP source_port=50856 dest_port=53 fw_rule_id=2 policytype=1 live_userid=0 userid=65535 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=265032960 masterid=0 status=256 state=0, flag0=2748781166600 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    The above one is getting hit to the Rule Id No.2  and the component it has is Identity So, that points out the Authentication related concerns here.

    Seems like there is something wrong with authentication here in the rule . Could you please share the snap of the Full rule and also see username of IP 192.168.10.218.

    This kind of concerns may happen, if you have applied the user auth in the rule or user is coming with NTLM/ Kerberos Key but the firewall already have it expired or invalid.

    Upvote if you like the answer.

    Jump to answer
Parents Reply Children
No Data