Cybersecurity Forum


PaulR_
New Contributor

How do I test if Firewall is blocking DNS forwarding?

I'm setting up a network for about 50 users. I configured a domain controller and DNS on the same server. I have successfully joined my computer to the new domain, but I am having trouble accessing most domains on the internet. Our company domain website is hosted externally and I have an A record in the forward lookup zone on our DNS server, so it finds it and it works just fine. I can also get to speedtest.org, but nothing else.

Locally, I have set my IP and DNS settings manually to the internal DNS server and firewall. On the DNS server, I set the IP address to 127.0.0.1 and checked the DNS forwarders, and everything appears to be set correctly according to the many articles and forums I have checked.

I also tested by manually setting my local DNS server to external DNS servers, like Comcast, but I get the same results.  I'm starting to think that the firewall is blocking this traffic.  Is there a way to test this?

- PR

1 Solution
jvales
New Contributor

Hi Paul

If you find nothing in the log, you can use

  • packet captures, on the WAN interface, with a filter on the forwarders.
    Do you see outgoing DNS requests? And incoming responses?
  • diagnose debug flow with a filter.
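
The two checks suggested in this answer, written out as FortiGate CLI commands. This is an added example, not part of the original posts; the interface name `wan1` and the address `203.0.113.53` are placeholders for the real WAN interface and the forwarder configured on the DNS server.

```fortios
# --- Check 1: packet capture on the WAN interface, filtered on the forwarder ---
# Arguments: <interface> '<filter>' <verbosity> <packet count> <timestamp format>
# Verbosity 4 prints the interface name and direction for each packet,
# 20 stops the capture after 20 packets, l prints local time.
diagnose sniffer packet wan1 'host 203.0.113.53 and port 53' 4 20 l

# Reading the capture while a client runs a lookup:
#   no packets at all          -> the query never reaches the WAN side
#                                 (routing or policy on the FortiGate)
#   "out" packets only         -> queries leave, replies never come back
#                                 (upstream filtering or wrong forwarder)
#   "out" and "in" packets     -> the firewall is passing DNS both ways;
#                                 look at the DNS server or the client instead

# --- Check 2: debug flow with a filter ---
# Start from a clean state so old filters do not hide the traffic.
diagnose debug reset
diagnose debug flow filter clear

# Trace only traffic to or from the forwarder on port 53.
diagnose debug flow filter addr 203.0.113.53
diagnose debug flow filter port 53

# Show which kernel function made each decision, and timestamp the output.
diagnose debug flow show function-name enable
diagnose debug console timestamp enable

# Trace the next 20 matching packets and turn debug output on.
diagnose debug flow trace start 20
diagnose debug enable

# Now trigger a lookup from a client. A line such as
#   "Denied by forward policy check (policy 0)"
# means no firewall policy matched and the implicit deny dropped the packet.

# Always switch debugging off afterwards.
diagnose debug flow trace stop
diagnose debug disable
diagnose debug reset
```

Run the capture and the flow trace in separate CLI sessions if you want both views of the same lookup.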


3 REPLIES
rmoussa
Contributor

Check the FortiGate logs; if anything is blocked, it should be displayed there.

You can also do a debug.

Rony Moussa

NSE Certified : Level 8

AnonMemb
New Contributor II

Most essay writers UK touch confused by your question. Does one need to forward a universal resource locator so once individuals visit WWW.yourdomain.com, they see another website? If this is often what you are looking for then you wish to line up an internet forward (URL forward). This could be finished a straightforward airt so WWW.yourdomain.com changes to WWW.theotherdomain.com within the address bar.