
Sophos UTM 9: DNS Groups stopped working since 9.700005 update

Hello,

We have a rule on our UTM to only allow HTTP/S traffic from our WSUS server to the Windows update sites so that the server can download updates. All other web browsing from this server is forbidden.

So the rule is as follows:

Source: WSUS Server

Services: HTTP, HTTPS

Destinations: WSUS Server Group

Action: Allow

The WSUS Server Group is a mixture of DNS hosts and DNS groups.

This worked fine in the past with no problems.

When we updated the UTM to 9.700005, the rule stopped working.

 

In the logs, I can see traffic which should be allowed by this rule being Default Dropped.

Looking further into it, there seem to be two things going on here:

1. DNS Groups are not resolving to the correct IPs, even after flushing the DNS cache. Some of the group's reported addresses are different from the results I get if I go to Support > Tools > DNS Lookup.

2. Even for those that resolve correctly, the UTM isn't applying the rule to the DNS Group/Host.

Troubleshooting tried:

1. The rule works if I change the Destinations to Any, so that rules out other networking strangeness.

2. If I put in a simplified destination of just bbc.co.uk as a DNS Group, I am unable to browse to bbc.co.uk.

3. If I use an IP rather than a DNS Host or Group, it all works OK.

Any ideas? As I say, all working until about a week ago.

Any help greatly appreciated.
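The failure described above (a DNS-group destination that no longer matches because the firewall's cached resolution has drifted from what DNS currently returns, so the packet falls through to the default drop) can be modelled offline. This is an added example, not UTM code; the resolver is injected so it runs without network, and every hostname other than bbc.co.uk and every address is constructed.

```python
import ipaddress
from typing import Callable, Dict, Set

# A resolver maps a hostname to the set of addresses DNS returns for it right now.
Resolver = Callable[[str], Set[str]]


def find_stale_group_members(cached: Dict[str, Set[str]], resolve: Resolver) -> Dict[str, dict]:
    """Compare the firewall's cached DNS-group resolution with a fresh lookup.

    Returns, per hostname, the live addresses the cache lacks ("missing") and the
    cached addresses that no longer resolve ("obsolete"). Hosts that agree are omitted.
    """
    report = {}
    for host, cached_ips in cached.items():
        live = {str(ipaddress.ip_address(ip)) for ip in resolve(host)}
        missing, obsolete = live - cached_ips, cached_ips - live
        if missing or obsolete:
            report[host] = {"missing": missing, "obsolete": obsolete}
    return report


def rule_allows(dst_ip: str, cached: Dict[str, Set[str]]) -> bool:
    """A DNS-group destination matches only if dst_ip is in the cached resolution of
    at least one member; the firewall never re-resolves per packet."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr == ipaddress.ip_address(ip) for ips in cached.values() for ip in ips)


def classify(dst_ip: str, cached: Dict[str, Set[str]], resolve: Resolver) -> str:
    """Explain why a packet to dst_ip is allowed or default-dropped by the group rule."""
    if rule_allows(dst_ip, cached):
        return "allow"
    norm = str(ipaddress.ip_address(dst_ip))
    for host in cached:                     # dropped, but is it a current member address?
        if norm in resolve(host):
            return f"drop: stale cache for {host}"
    return "drop: not a member address"


# Constructed sample data: what the firewall cached vs what DNS answers now.
CACHED = {"bbc.co.uk": {"192.0.2.10"}, "update.example": {"198.51.100.5", "198.51.100.6"}}
LIVE = {"bbc.co.uk": {"192.0.2.10", "192.0.2.11"}, "update.example": {"198.51.100.6"}}

if __name__ == "__main__":
    print(find_stale_group_members(CACHED, LIVE.__getitem__))
    for ip in ("192.0.2.10", "192.0.2.11", "203.0.113.1"):
        print(ip, classify(ip, CACHED, LIVE.__getitem__))
```

A packet to 192.0.2.11 is reported as "drop: stale cache for bbc.co.uk", which is exactly the symptom of a correct destination being Default Dropped until the cache is refreshed.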



  • Hi,

    I just checked my Virtual UTM 9 running 9.700 with pool.ntp.org and bbc.co.uk as the DNS group and it was able to resolve all the IPs properly. I would suggest restarting the DNS service in the UTM by logging in as root and entering this command: /var/mdw/scripts/named restart (this will impact DNS service for the time it's being restarted and will clear the DNS cache on the UTM).

    Further, you may also check the confd.log in the /var/log/ directory and filter using "dns_group" to check the status of the DNS Group being resolved. The command would look like:

    cat /var/log/confd.log | grep "dns_group"

    Regards

    Jaydeep

  • Thanks Jaydeep. Seems to be working now.