Dear all,
 
     I have two Cisco ASA firewalls in my internal network in cluster mode, which are configured with a DNS packet size of 512 bytes. I am getting thousands of requests with larger DNS packets, which my ASA firewall is dropping, and I am getting a log entry for every drop and my log server is filling up with these messages.
     I have a FortiGate 620B firewall in cluster mode (with IPS, AV and application control enabled) on the external side of my network, where I have configured all the policies. Now I want to stop the larger DNS packets at my external firewall, so I won't get these packets at my internal firewall. Is there any way to do this on the FortiGate firewall?
 
    Regards,
    Jai Kishore FCNSA