fb1907
New Member
January 3, 2016
Question

dns for webfiltering

  • January 3, 2016
  • 1 reply
  • 3229 views

Hello all,

The web filtering profiles work well; that part is OK. But when the user changes the DNS IP on the PC, his/her PC bypasses web filtering.

For example, twitter.com is blocked in the WF profile. The internal network gets DHCP, and the DHCP server is the FG. The DNS server is 10.0.0.5.

When the PC takes an IP address from DHCP with DNS 10.0.0.5, twitter.com is blocked. That is good.

But when the user changes the DNS IP to, for example, 8.8.8.8, twitter.com is passed through.

How can I block this situation?

Thanks.

    1 reply

    emnoc
    New Member
    January 3, 2016

    Please add a firewall rule that restricts DNS to the set of DNS nameservers that you allow. Run diag debug flow on the client and google-dns and see what fw-policy is being hit.

    e.g.

    diag debug disable
    diag debug reset
    diag debug flow filter addr 8.8.8.8
    diag debug flow show console enable
    diag debug flow trace start 100
    diag debug enable

    And then have the machine with the Google public DNS start up a web browser and see the fw policy that leaked through DNS.

    After you're done, disable the diagnostic function.

    diag debug reset
    diag debug disable
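A FortiOS CLI policy set that implements the DNS restriction emnoc describes, added here as an example and not taken from the thread. It assumes a LAN interface named "internal", a WAN interface named "wan1", and that 10.0.0.5 from the question is the only resolver clients should reach; the allow entry is only needed if 10.0.0.5 is reached through wan1 (DNS to a resolver on the LAN itself never crosses the firewall).

```fortios
# Added example, not the poster's configuration. Interface names "internal"
# and "wan1" are assumptions; 10.0.0.5 is the resolver handed out by DHCP.
config firewall address
    edit "allowed-dns-server"
        set subnet 10.0.0.5 255.255.255.255
    next
end

config firewall policy
    # 1) Allow DNS (TCP/UDP 53) only to the sanctioned resolver.
    edit 10
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "allowed-dns-server"
        set action accept
        set schedule "always"
        set service "DNS"
        set logtraffic all
        set comments "permit DNS to the internal resolver only"
    next
    # 2) Deny DNS to any other destination, e.g. a PC reconfigured to 8.8.8.8.
    #    Logging the denies shows which hosts are trying to bypass the filter.
    edit 11
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "DNS"
        set logtraffic all
        set comments "block DNS to unapproved resolvers"
    next
end
```

FortiGate evaluates policies top-down and appends new entries at the bottom, so both entries must be moved above the general outbound policy that carries the web filter profile (for example `move 11 before <id>` inside `config firewall policy`), otherwise the general policy still matches the port 53 traffic first.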