DNS Filter

Author
AKrause
2018/09/13 01:41:21 (permalink)

DNS Filter

We have recently upgraded to FortiOS 5.4.8 and want to use the DNS-Filter.
I have configured a DNS-Filter and applied it to the corresponding firewall policy.
Besides some Monitor or Block settings for some categories, the DNS-Filter is configured to log all domains.

Where can I see the logs of the DNS-Filter? There is no DNS-Filter category in the Log & Report section on the local FGT-1500D, nor can I find any logs on the connected FortiAnalyzer.
 
 
#1


    SecurityPlus
    Re: DNS Filter 2018/09/14 04:28:43 (permalink)
    Under policy Options, have you tried turning on Log: All Sessions?

    https://m.youtube.com/watch?v=fY4X4zRilyY

    FWF30E, FG50E, FWF50E, FG60D, FWF60D, FG80E, FG100D
    FortiOS 5.2, 5.4, 5.6, and 6.0
    FAP-221E, FAP-221C
    #2
    Prab
    Re: DNS Filter 2018/09/17 08:09:35 (permalink)
    AKrause
    We have recently upgraded to FortiOS 5.4.8 and want to use the DNS-Filter.
    I have configured a DNS-Filter and applied it to the corresponding firewall policy.
    Besides some Monitor or Block settings for some categories, the DNS-Filter is configured to log all domains.

    Where can I see the logs of the DNS-Filter? There is no DNS-Filter category in the Log & Report section on the local FGT-1500D, nor can I find any logs on the connected FortiAnalyzer.
     
     


    FortiOS 5.6
    In FortiManager you can view the domains under the Log View -> DNS section:

     
    And on the FGT's GUI under Log & Report -> DNS query
     
    Sidenote: In this case, the IPv4 policy to which the DNS filter was assigned was configured to log the UTM (security events) logs only.
     
    Hope it helps!
    Thanks & regards,
    Prab
     


    #3
    AKrause
    Re: DNS Filter 2018/09/17 23:30:54 (permalink)
    Thanks for your replies. However, we are running FOS 5.4.
    I raised a ticket at Fortinet support. After a lot of ticket ping-pong (show screenshots etc.) they finally got the solution: There is no DNS-Filter log in FortiOS 5.4 at all.
    Update to FortiOS 5.6 
     
     
     
    #4
    Prab
    Re: DNS Filter 2018/09/18 02:46:53 (permalink)
    AKrause
    Thanks for your replies. However, we are running FOS 5.4.
    I raised a ticket at Fortinet support. After a lot of ticket ping-pong (show screenshots etc.) they finally got the solution: There is no DNS-Filter log in FortiOS 5.4 at all.
    Update to FortiOS 5.6 
     
     
     


    Glad that the Support figured it out.
    There is something you could try, I am not sure if it will help:
    Are the clients using the FGT as a DNS? If yes, then you could try creating a normal IPv4 policy for it and log the traffic for this policy. I think in that case you shall see some logs for the DNS request/replies etc.
     
    #5