Re: [FW1] Domain-udp on accept, domain on drop
JL,

In your policy properties, the Accept DN over UDP and TCP are disabled by default. Either you have checked only the Accept DN over UDP, or you have placed a rule to allow only queries (DN over UDP) and disallowed the Accept DN over TCP. You should notice that the rules that drop/allow the packets are different. If the 'domain-udp' is from rule 0 (zero), then it's from the policy properties.

Are you allowing zone transfers from outside? Unless you have a need for this, you can continue to allow the DN over TCP (domain service) to be dropped. As you pointed out, these are coming from someone outside of your site, which means the firewall is doing what you paid the big [add your currency here] for.

Robert
- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: email: [email protected]

>>> J L <[email protected]> 11/14/00 5:23:18 AM >>>
>
> I'm seeing something very strange in my firewall logs.
>
> It's about a DNS behind a FW-1 4.1 SP1. Without
> changing any rule, when the DNS server asks another
> DNS outside my network, sometimes the FW accepts it,
> sometimes drops it.
>
> When accepting, the log shows 'domain-udp' in the
> 'service' column. When dropping it, it shows 'domain'
> service. Both rules have 'long' track enabled.
>
> It happens in blocks, I mean, there are, for example,
> 20 lines accepted, then another 15 dropped, and so on.
>
> Can anyone help me?

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
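Robert's advice hinges on whether the dropped 'domain' (TCP/53) entries are inbound from outside (zone-transfer attempts, fine to drop) or outbound from the site's own resolver (a TCP retry after a truncated UDP answer, which the drop would break). The script below is an added example, not part of the thread or of FW-1; it runs that direction check over constructed log records in a simplified field=value layout (not the real FW-1 4.1 log export columns), with 10.1.1.0/24 assumed as the site network and rule 0 standing for the implied policy-properties rule, as in the reply.

```python
import ipaddress
from collections import Counter

# Constructed sample records; the 'service' values are the two the thread
# names, and rule=0 marks a hit on the implied policy-properties rule.
SAMPLE_LOG = """\
action=accept service=domain-udp proto=udp src=10.1.1.53 dst=198.51.100.2 rule=0
action=accept service=domain-udp proto=udp src=203.0.113.9 dst=10.1.1.53 rule=0
action=drop service=domain proto=tcp src=203.0.113.9 dst=10.1.1.53 rule=12
action=drop service=domain proto=tcp src=203.0.113.10 dst=10.1.1.53 rule=12
action=drop service=domain proto=tcp src=10.1.1.53 dst=198.51.100.2 rule=12
"""

INTERNAL = ipaddress.ip_network("10.1.1.0/24")  # assumed site network


def parse(line):
    """Turn one 'key=value key=value' record into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def classify(rec):
    """Label a DNS record from the defender's point of view."""
    src_inside = ipaddress.ip_address(rec["src"]) in INTERNAL
    if rec["service"] == "domain-udp":
        # Rule 0 means the 'Accept DN over UDP' property matched, not a rule
        # in the rule base.
        origin = "implied rule" if rec["rule"] == "0" else "explicit rule"
        return f"udp-query ({origin})"
    if rec["service"] == "domain":
        if src_inside:
            # Our resolver retrying over TCP after a truncated UDP answer;
            # dropping this breaks any answer that does not fit in UDP.
            return "outbound-tcp53 (resolver fallback)"
        # Someone outside opening TCP/53 to our server: zone transfer
        # attempt unless they are a secondary we serve.
        return "inbound-tcp53 (zone transfer attempt)"
    return "other"


def summarize(log_text):
    """Count records by (action, classification)."""
    counts = Counter()
    for line in log_text.splitlines():
        if line.strip():
            rec = parse(line)
            counts[(rec["action"], classify(rec))] += 1
    return counts
```

A run over the sample shows two inbound TCP/53 drops (expected) and one outbound drop from the resolver, which is the case worth a second look before leaving 'Accept DN over TCP' off.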