Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM DNS > Global > Allowed Networks -- how to reproduce in SFOS?

I am working on migrating functionality from UTM to SFOS on XGS3300 hardware.

This organization subscribes to this DNS filtering service:  https://www.cisecurity.org/ms-isac/services/mdbr

In the UTM, it was easy to bottleneck DNS queries so they are funneled into MDBR DNS FIltering.

Architecture:

1.  Internal endpoints DNS1 & DNS2 = AD Domain Controller DNS servers.

2.  AD DCs DNS1 & DNS2 = another DC and UTM INSIDE interface.

3.  UTM DNS1 & DNS2 = MDBR IP addresses.

DNS Query Flow:

1.  Endpoints ask AD DCs for name resolution.

2.  ONLY AD DCs are explicitly allowed to ask the UTM for name resolution.

3.  UTM asks MDBR for name resolution, then relays the answer back down to the endpoint.

Any internal host that tries to make a DNS query outside of that bottleneck = the query will fail.

How can I reproduce this on SFOS?

Thanks! 



This thread was automatically locked due to age.