Hello!
After upgrade our 100D, in Forward traffic we can see messages:
IP77.88.8.1Host Namesecondary.dns.yandex.ruPort53Interfacewan1ApplicationNameUnknownCategoryunscannedProtocoludpActionActionDeny: DNS error
AND
IP77.88.8.1Host Namesecondary.dns.yandex.ruPort53Interfacewan2ApplicationNameUnknownCategoryunscannedProtocoludpActionActionDeny: IP connection error
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
lmccuistian wrote:I'm have the same issue on my Fortigate 100E FortiOS 5.4.4. I tried deleting the session helper, without luck (but it didn't seem to hurt anything either). I also verified my DNS Source IP is 0.0.0.0 already too.
@MikePruett, you stated you created some new security sensors. Are you saying you created new security profiles (AV, Web Filter, App Control, Etc..) across the board, or just for the ones that tied to a policy for DNS traffic?
lmccuistian - what are you using for system DNS? If you have private DNS servers set there, try switching them to FortiGuard or public DNS to see if it helps. We typically have that set up, and then use internal DNS for any DHCP scopes running on the FortiGate.
I tried that, but no luck there either. Still logging Deny: DNS Errors and also Deny: IP Connection Errors.
On my other Fortigate devices I typically have the primary DNS set to an internal DNS and secondary set to external. The primary reason for this is so that in my logs, it will resolve internal hostnames.
On one of the Gates that I was experiencing this issue with I had to recreate profiles for my security functions. It's as though the originals were corrupt post update.
Mike Pruett
I was using the default security profiles that ship with the unit, just had modified them a bit to meet my need. But I just tried as you suggested and created brand new profiles for AV, Webfilter, App Control, Proxy, and Certificate Inspection applied the new ones to every policy that is using them, but it made no change for me. I'm getting nothing but Deny: IP connection errors in my log.
FWIW, I just installed a Fortigate 200D with FortiOS 5.4.4. About 30% of the DNS requests were getting the DNS Error message. Deleting the DNS session-helper seems to have eliminated all the DNS error messages. Throughput greatly improved.
Thanks for the fix, gsarica and FortiSupport.
I have the same situation were we have FML behind FGT and in FAZ we see lots of "Deny: DNS error" and "IP connection error" from FML source IP.
I tried deleting the DNS session-helper but that didn't help.
And in FML system events we see:
UDP DNS response is truncated, try DNS query in TCP (happened 115900 time(s)), DNS question section:{name=yahoo.com, qtype=16, class="1"}
Not really sure what to do.
Thanks
Hello,
Same errors with same device and same OS.
Did you fix the issue ?
Thanks
Regs
Sorry, I didn't update this thread sooner. I think I found the solution to my problem. It seems the log severity was set much higher than it should have been. I set the log severity to informational by using the commands below and now I have a usable log. config log mem filter set severity information end
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.