
[FW1] weird problem with securemote and dns



Hello all,

I have run across a weird problem with my securemote users and I was
wondering if anyone has seen this before.

My securemote users were having trouble with dns resolution.  They couldn't
resolve any names and did have my internal dns as their resolver.

My firewall SR rule allows a service of ANY for the SR users.  The firewall
policy properties had dns queries udp not checked (as is recommended).  I
felt sure the service of any would take care of what was needed.  However,
there was a problem.  So I snooped the external interface and saw the dns
queries coming in.  I snooped the internal interface and did not see the
dns queries.  So, I looked in the fw log and did see the domain-udps in the
log with 'decrypt' (as should be).  There were no drops in the log
whatsoever and yes, I am logging everything including implied rules.
Anyway, I then went back to firewall policy properties and checked dns udp
queries for 'first'.  And, voilà, everything worked okay.  The trouble is
that I don't understand WHY the service of any didn't cover dns AND WHY the
log didn't show this as being dropped.

Any ideas??

THANKS!

Donna







 
   All contents © 2004 Network Presence, LLC. All rights reserved.