Firewall not picking up IP for FQDN

I have a firewall rule to allow outgoing connections for TeamViewer using an FQDN of *.teamviewer.com.

However, when local endpoints try to connect using one of the IPs in this FQDN, the firewall blocks the request because it bypasses the rule.

I can see the IP under this FQDN in the hosts and services.

This rule has been working fine for 12+ months. Any idea why this may not be working now?

  • Hello,

    Greetings,

    You may enable FQDN-host eviction with a 60-second interval and validate it further.

    You may also refer to the below KBA:

    https://support.sophos.com/support/s/article/KB-000041593?language=en_US

    If enabling the suggested settings does not help, I would suggest raising it with Support, as we have one known issue (NC-100716) with it.

    Mayur Makvana
    Technical Account Manager | Sophos Technical Support


  • That is interesting. 

    I get results saying "IP is not in set hostset" on the CLI. However, in the GUI it is clearly showing the same IP included. I also have one computer that can connect and passes this rule, and another PC that keeps bypassing the rule for that same IP.

    Should GUI and CLI have different results here?

    The DNS request is always returning the same IPs, so I am not sure why it keeps dropping off.

    When I rename the FQDN in the GUI and change it back, this clears all the current records on it and allows both computers to connect again.

    I assume that setting "set fqdn-host cache-ttl 86400" to extend the TTL may help keep the IP in the set longer.
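A small model of the behaviour this thread describes, added here as an example and not code from the original post or from Sophos: an FQDN host set that learns IPs from the DNS answers the firewall observes and evicts each IP once its cache TTL lapses, so an endpoint whose own resolver still hands out an address that has dropped out of the set no longer matches the rule. The FqdnHostSet class, the 203.0.113.x addresses and the DNS timeline are constructed assumptions, not Sophos internals.

```python
from dataclasses import dataclass, field


@dataclass
class FqdnHostSet:
    # Toy model (constructed): the firewall learns IPs for a wildcard FQDN from the DNS
    # answers it sees and drops each IP cache_ttl seconds after the last answer that had it.
    cache_ttl: int
    members: dict = field(default_factory=dict)  # ip -> expiry time (seconds)

    def learn(self, ips, now):
        # Every IP in a fresh answer gets a new expiry, extending ones already present.
        for ip in ips:
            self.members[ip] = now + self.cache_ttl

    def contains(self, ip, now):
        # Evict expired entries first, mirroring the FQDN-host eviction discussed above.
        self.members = {i: exp for i, exp in self.members.items() if exp > now}
        return ip in self.members


def endpoint_outcome(cache_ttl, dns_timeline, client_ip, connect_at):
    """True if a client connecting to client_ip at time connect_at still matches the rule.

    dns_timeline: list of (time, ips) answers the firewall observed for the wildcard FQDN.
    """
    host_set = FqdnHostSet(cache_ttl)
    for t, ips in dns_timeline:
        if t <= connect_at:
            host_set.learn(ips, t)
    return host_set.contains(client_ip, connect_at)


# Constructed sample: the service rotates its answers, so 203.0.113.20 stops appearing after
# t=0, while one endpoint's own resolver cache keeps sending it to that address at t=900.
DNS_TIMELINE = [
    (0, ["203.0.113.10", "203.0.113.20"]),
    (300, ["203.0.113.10", "203.0.113.30"]),
    (600, ["203.0.113.10", "203.0.113.30"]),
]

if __name__ == "__main__":
    for ttl in (600, 86400):
        ok = endpoint_outcome(ttl, DNS_TIMELINE, "203.0.113.20", connect_at=900)
        state = "allowed" if ok else "blocked"
        print(f"cache-ttl={ttl:>5}s: connection to 203.0.113.20 at t=900 -> {state}")
```

With the short TTL the stale address is evicted and the endpoint is blocked even though the GUI would have shown it as a member moments earlier; the longer TTL keeps it in the set.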
