We are running a firewall-1 v.4.1 in a Nokiaip330.Ipso
3.4.
Our network is composed of 1 external dns server
(public zone) and 1 internal server (trusted zone)
I've detected following entries in firewall logs.Is
this normal behaviour? I ve checked in Properties in
Policy Editor and
"Accept domain name over udp"
"Accept UDP replies"
both are allowed.
Suspicious? Log entries
source: some.public.ip.address (random port) >
destination : external.fw1.ip.address (udp/53)
action:allowed
I did a nslookup to my fw and it replied but i m not
getting a response for a regular dns query.
Can anyone explain this behaviour?
i guess for now i will set the follwoing rules:
Any -> Firewall -> any -> drop
Any -> internal_dns(public.ip) -> udp/53 -> allow
internal_dns(internal.ip) -> Any -> udp/53 -> allow
Thanks
______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
