This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM Firewall... oddity detected in firewall. Help...

UTM Firewall... oddity detected in firewall. Help...
Here is the two lines I'm referring too:

23:00:08 DNS request UDP 192.168.x.66 : 51805 202.112.0.44 : 53 len=70 ttl=128 tos=0x00 srcmac=94:de:80:27:4e:2f dstmac=00:25:90:f2:cb:67

23:00:08 Country blocked UDP
192.168.x.66 : 51805 202.112.0.44 : 53 len=70 ttl=127 tos=0x00 srcmac=94:de:80:27:4e:2f dstmac=00:25:90:f2:cb:67

As you can see, first row, my Internal DNS server (x.66) accepts and forwards a DNS request to the 202.112.0.44 address and the firewall allows it. Then immediately afterwards, it tries again, however this time it gets blocked.

I am unable to figure out why this is happening, and what is causing it.

I have endpoint protection enabled on the DNS server, and no errors/warnings have been trapped. I've looked at my DNS logs on the DNS server, and I do not detect anything odd as well.

Any suggestions?

This thread was automatically locked due to age.

Parents

0 BAlfson over 9 years ago

Oliver, when posting lines from the Firewall log, always show the lines from the full Firewall Log file. Alone among the logs, the Firewall Live Log shows abbreviated information in a format easier to read quickly. Normally, one only can solve problems with the complete log lines.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 9 years ago

Oliver, when posting lines from the Firewall log, always show the lines from the full Firewall Log file. Alone among the logs, the Firewall Live Log shows abbreviated information in a format easier to read quickly. Normally, one only can solve problems with the complete log lines.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data