DNS being passed when not permitted

Author: johnm
2019/08/12 13:33:15 (permalink)


Why is DNS traffic being passed even though it is not explicitly permitted? Such things cause me concern. Is it the DNS helper?
 
Version: FortiGate-500E v6.0.5,build0268,190507 (GA)
 
flow trace:
id=20085 trace_id=2449 func=print_pkt_detail line=5494 msg="vd-root:0 received a packet(proto=17, 202.xx.17.50:53743->104.44.193.243:53) from agg1.930. "
id=20085 trace_id=2449 func=init_ip_session_common line=5654 msg="allocate a new session-07c990cc"
id=20085 trace_id=2449 func=vf_ip_route_input_common line=2591 msg="find a route: flag=04000000 gw-122.yy.111.60 via agg1.200"
id=20085 trace_id=2449 func=fw_forward_handler line=751 msg="Allowed by Policy-4294967295: SNAT"
id=20085 trace_id=2449 func=__ip_session_run_tuple line=3322 msg="SNAT 202.xx.17.50->122.yy.111.61:53743"
id=20085 trace_id=2449 func=__ip_session_run_tuple line=3373 msg="run helper-dns-udp(dir=original)"

John
#1

johnm
Re: DNS being passed when not permitted 2019/08/15 22:15:05 (permalink)
A bit more info... so it appears to be the "implicit-allow-dns". I believe that may be set when choosing NGFW policy mode. The problem is that the "implicit" rule does not use the central SNAT policy, and does an interface SNAT regardless. Bug?

https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-firewall/Concepts%20-%20Firewall/DNS%20traffic%20in%20NGFW%20policy-mode.htm?Highlight=policy%20mode

John
#2
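An added example, not from the post or from Fortinet: a small Python parser for FortiGate flow-trace lines in the format shown above that groups lines by trace_id and flags sessions allowed by the implicit policy ID 4294967295, so an admin can see which traffic bypassed the explicit policies (and central SNAT). The sample input is the trace from the first post plus one constructed session matched by an explicit policy; the policy ID constant is taken from that trace.

```python
import re
from typing import Dict, List

# Policy ID FortiOS reports for the implicit NGFW-mode DNS rule, as seen in the trace above.
IMPLICIT_POLICY_ID = 4294967295

# Sample input: the trace lines from the post, plus one constructed session (trace_id 2450)
# that was allowed by an explicit policy so the two cases can be told apart.
SAMPLE_TRACE = """\
id=20085 trace_id=2449 func=print_pkt_detail line=5494 msg="vd-root:0 received a packet(proto=17, 202.xx.17.50:53743->104.44.193.243:53) from agg1.930. "
id=20085 trace_id=2449 func=init_ip_session_common line=5654 msg="allocate a new session-07c990cc"
id=20085 trace_id=2449 func=vf_ip_route_input_common line=2591 msg="find a route: flag=04000000 gw-122.yy.111.60 via agg1.200"
id=20085 trace_id=2449 func=fw_forward_handler line=751 msg="Allowed by Policy-4294967295: SNAT"
id=20085 trace_id=2449 func=__ip_session_run_tuple line=3322 msg="SNAT 202.xx.17.50->122.yy.111.61:53743"
id=20085 trace_id=2449 func=__ip_session_run_tuple line=3373 msg="run helper-dns-udp(dir=original)"
id=20085 trace_id=2450 func=print_pkt_detail line=5494 msg="vd-root:0 received a packet(proto=6, 10.0.0.5:40000->203.0.113.9:443) from port1. "
id=20085 trace_id=2450 func=fw_forward_handler line=751 msg="Allowed by Policy-12: SNAT"
"""

LINE_RE = re.compile(r'trace_id=(?P<tid>\d+) func=(?P<func>\S+) .*?msg="(?P<msg>.*)"\s*$')
# [\w.]+ rather than [\d.]+ so redacted addresses such as 202.xx.17.50 still parse.
PKT_RE = re.compile(r'proto=(?P<proto>\d+), (?P<src>[\w.]+):(?P<sport>\d+)->(?P<dst>[\w.]+):(?P<dport>\d+)')
POLICY_RE = re.compile(r'Allowed by Policy-(?P<pid>\d+)')


def parse_trace(text: str) -> Dict[str, dict]:
    """Group flow-trace lines by trace_id and extract packet, policy, SNAT and helper facts."""
    sessions: Dict[str, dict] = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m["tid"], {"policy": None, "snat": False, "helper": None})
        msg = m["msg"]
        if pkt := PKT_RE.search(msg):
            s.update(proto=int(pkt["proto"]), src=pkt["src"], dst=pkt["dst"], dport=int(pkt["dport"]))
        elif pol := POLICY_RE.search(msg):
            s["policy"] = int(pol["pid"])
        elif msg.startswith("SNAT "):
            s["snat"] = True
        elif msg.startswith("run helper-"):
            s["helper"] = msg[len("run helper-"):].split("(")[0]
    return sessions


def implicit_policy_sessions(text: str) -> List[dict]:
    """Sessions that were allowed by the implicit policy rather than by an explicit one."""
    return [dict(trace_id=tid, **s) for tid, s in parse_trace(text).items()
            if s["policy"] == IMPLICIT_POLICY_ID]
```

Feeding a longer trace through `implicit_policy_sessions` lists every session that took the implicit path, with the helper and SNAT flags showing whether interface SNAT was applied.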