SofaWare Home Page    sofaware.infopop.cc    SofaWare Discussion Groups  Hop To Forum Categories  Internet Security Appliances    Some DNS Requests not passing through Safe@Office 500W Properly

Moderators: Asaf Levi, Ido, wendy
Junior Member
Posted
I have been having this problem since I bought this appliance. Everything works absolutely fine except that SOME of the people that try to connect to our site cannot get here because they cannot query our DNS servers. Yet MOST can get to our site and send us email just fine. I am pulling my hair out with this problem and am going to throw it through a window. I have my old router in and that works just fine.

Here is my setup:

1) We have 128 IP addresses that are statically NATted to various internal machines (i.e. mail server, web servers, DNS, etc.)

2) I have used ALLOW rules to NETWORK OBJECTS and have pointed the rules to both DNS servers using both TCP and UDP on port 53.

3) My DNS servers are MS Windows 2003 R2 DNS Servers that are completely up to date on patches and service packs.

4) I am using the Safe@Office 500W product with the latest firmware 7.5.55x.

5) I have set the logging of DNS connections and was able to work with the IT dept of one of our clients to see that the firewall was accepting his connections to DNS from both of his servers. Even though it looked like it was accepting fine, he was getting querying problems or network errors. The minute I put my old router back in, everything works fine.

What can I do here? The only thing I can think of is to lower the SmartDefense to almost nothing, but that defeats the purpose of the firewall appliance and besides I think that doesn't work either (can't remember if I tried it or not).

Posts: 3 | Registered: October 13, 2008
Advanced Member
Posted
Hello,

If you have the possibility, use a switch with port mirroring, and capture all DNS packets entering and leaving the firewall.
This way you can find if/why the Safe@ refuses some packets.


BRgds,

Fabien
 
Posts: 179 | Registered: March 23, 2007
Junior Member
Posted
The problem is that it is NOT refusing the packets. When I log the connections to that port they are accepted and I can see they are accepted from the specific servers in question, yet they are unable to query the DNS on their end. They get errors as if nothing replies back. Maybe it is something when it is leaving I need to capture. I'll see what I can do, but I am no rocket scientist when it comes to port monitoring. I have Wireshark, but shouldn't I be able to use the sniffer on the firewall itself to see what is happening?
 
Posts: 3 | Registered: October 13, 2008
Advanced Member
Posted
Hi,

Yes, you can also use the firewall itself. Activate the port sniffer with the filter 'host x.x.x.x', where x.x.x.x is the public IP of your customer.
With Wireshark you can try to capture between your server and the firewall and later on the WAN port of the firewall, to check if the answer from your server is blocked or modified.


BRgds,

Fabien
 
Posts: 179 | Registered: March 23, 2007
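
The two-point comparison suggested in the reply above (capture on the server side and on the WAN port, then check whether each answer was blocked or modified), as an added example that is not part of the original thread. It assumes the UDP/53 datagrams have already been extracted from the two captures into `(src, dst, payload)` tuples, that the firewall does not rewrite the client address or the DNS transaction ID, and all names, addresses and packets in it are constructed for illustration.

```python
import struct
from collections import namedtuple

Pkt = namedtuple("Pkt", "src dst payload")  # one UDP/53 datagram: IPs + DNS bytes

def dns_header(payload):
    """Return (transaction id, is_response) from a raw DNS message."""
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)  # QR bit set means response

def index(capture, want_response):
    """Map (client_ip, txid) -> DNS payload for queries or for responses."""
    out = {}
    for p in capture:
        txid, is_resp = dns_header(p.payload)
        if is_resp == want_response:
            # Key on the client IP: static NAT changes only the server address.
            out[(p.dst if is_resp else p.src, txid)] = p.payload
    return out

def compare(lan, wan):
    """Classify every query seen on the WAN port by the fate of its answer."""
    lan_q, lan_r, wan_r = index(lan, False), index(lan, True), index(wan, True)
    verdict = {}
    for key in index(wan, False):
        if key not in lan_q:
            verdict[key] = "query never reached the server"
        elif key not in lan_r:
            verdict[key] = "server did not answer"
        elif key not in wan_r:
            verdict[key] = "answer lost between LAN and WAN"
        elif wan_r[key] != lan_r[key]:
            verdict[key] = "answer modified between LAN and WAN"
        else:
            verdict[key] = "ok"
    return verdict

def msg(txid, flags, body=b""):
    """Build a minimal DNS message: 12-byte header plus opaque body."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + body

# Constructed sample data (documentation addresses, not from the thread).
CLIENT, PUB, PRIV = "198.51.100.7", "203.0.113.10", "192.168.10.10"
WAN = [Pkt(CLIENT, PUB, msg(1, 0x0100)), Pkt(PUB, CLIENT, msg(1, 0x8180, b"A")),
       Pkt(CLIENT, PUB, msg(2, 0x0100)),
       Pkt(CLIENT, PUB, msg(3, 0x0100)), Pkt(PUB, CLIENT, msg(3, 0x8380))]
LAN = [Pkt(CLIENT, PRIV, msg(1, 0x0100)), Pkt(PRIV, CLIENT, msg(1, 0x8180, b"A")),
       Pkt(CLIENT, PRIV, msg(2, 0x0100)), Pkt(PRIV, CLIENT, msg(2, 0x8180, b"A")),
       Pkt(CLIENT, PRIV, msg(3, 0x0100)), Pkt(PRIV, CLIENT, msg(3, 0x8180, b"AAAA"))]

if __name__ == "__main__":
    for (client, txid), fate in sorted(compare(LAN, WAN).items()):
        print(f"{client} id={txid:#06x}: {fate}")
```

A connection log entry showing "accepted" only covers the inbound query; the verdicts here separate that case from an answer that never leaves the WAN port or leaves it altered.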
Junior Member
Posted
Thanks I will try this...
 
Posts: 3 | Registered: October 13, 2008
Junior Member
Posted
Hi,

I'm experiencing exactly the same problem.
Have you managed to solve it?

Thanks!
Marius.
 
Posts: 1 | Registered: July 08, 2009
Junior Member
Posted
I had some problem with the DNS.

I had the "internal" DNS feature activated. The domain/workgroup used was "HOME"

The problem occurred when I tried to query a domain name which begins with "HOME" like www.homegate.ch

I changed the box's domain/workgroup to "HOME.LAN" and did not have a problem since.

Hope this can help

Regards
 
Posts: 1 | Registered: August 27, 2009