I am working on migrating functionality from UTM to SFOS on XGS3300 hardware.
This organization subscribes to this DNS filtering service: https://www.cisecurity.org/ms-isac/services/mdbr
In the UTM, it was easy to bottleneck DNS queries so they are funneled into MDBR DNS Filtering.
Architecture:
1. Internal endpoints DNS1 & DNS2 = AD Domain Controller DNS servers.
2. AD DCs DNS1 & DNS2 = another DC and UTM INSIDE interface.
3. UTM DNS1 & DNS2 = MDBR IP addresses.
DNS Query Flow:
1. Endpoints ask AD DCs for name resolution.
2. ONLY AD DCs are explicitly allowed to ask the UTM for name resolution.
3. UTM asks MDBR for name resolution, then relays the answer back down to the endpoint.
Any internal host that tries to make a DNS query outside of that bottleneck = the query will fail.
How can I reproduce this on SFOS?
Thanks!
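Whatever the SFOS rule set ends up looking like, it helps to have a way to confirm that the three-tier funnel described above is actually what the traffic does. The following is an added example, not code from the original post and not a Sophos tool: it encodes the intended policy (endpoints may only ask the DCs, DCs may only ask each other or the firewall's inside interface, the firewall may only ask MDBR) and audits a handful of constructed port-53 flow records against it. All addresses, the MDBR resolver placeholders and the whitespace-separated log format are assumptions made up for the example.

```python
"""Audit DNS flows against the DC -> firewall -> MDBR funnel.

Added example (not from the original post). Addresses and log format
are constructed for illustration; substitute your own exported flow log.
"""
import ipaddress
from typing import List, Set, Tuple

# Constructed topology (assumptions, not real addresses).
DCS: Set[str] = {"10.0.0.10", "10.0.0.11"}          # AD domain controllers
FIREWALL_INSIDE = "10.0.0.1"                         # firewall inside interface
MDBR_RESOLVERS: Set[str] = {"198.51.100.53", "198.51.100.54"}  # placeholder MDBR IPs
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # everything else internal = endpoint

DNS_PORT = 53


def allowed_dns_destinations(src: str) -> Set[str]:
    """Return the set of resolvers a given source is permitted to query.

    Mirrors the funnel in the post: endpoints -> DCs, DCs -> other DC or
    firewall, firewall -> MDBR. Anything not covered gets an empty set.
    """
    if src in DCS:
        return (DCS - {src}) | {FIREWALL_INSIDE}
    if src == FIREWALL_INSIDE:
        return MDBR_RESOLVERS
    if ipaddress.ip_address(src) in INTERNAL_NET:
        return set(DCS)
    return set()


def dns_flow_allowed(src: str, dst: str) -> bool:
    """True if a port-53 flow from src to dst conforms to the policy."""
    return dst in allowed_dns_destinations(src)


def parse_flow(line: str) -> Tuple[str, str, str, int, str]:
    """Parse one constructed flow record: '<ts> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return ts, src, dst, int(dport), proto


def audit_dns_flows(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, src, dst) for every DNS flow that bypasses the funnel.

    Non-DNS flows are ignored; the policy only concerns destination port 53.
    """
    violations = []
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport, _proto = parse_flow(line)
        if dport != DNS_PORT:
            continue
        if not dns_flow_allowed(src, dst):
            violations.append((ts, src, dst))
    return violations


# Constructed sample flow log (not real traffic).
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.1.25 10.0.0.10 53 udp
2024-01-01T10:00:01Z 10.0.0.10 10.0.0.1 53 udp
2024-01-01T10:00:02Z 10.0.0.1 198.51.100.53 53 udp
2024-01-01T10:00:03Z 10.0.1.40 203.0.113.53 53 udp
2024-01-01T10:00:04Z 10.0.1.40 10.0.0.1 53 udp
2024-01-01T10:00:05Z 10.0.1.40 10.0.0.10 443 tcp
2024-01-01T10:00:06Z 10.0.0.10 203.0.113.53 53 tcp
"""


def audit_sample() -> List[Tuple[str, str, str]]:
    """Run the audit over the embedded sample log."""
    return audit_dns_flows(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ts, src, dst in audit_sample():
        print(f"{ts} DNS funnel bypass: {src} -> {dst}")
```

Run against the sample, the audit flags three flows: an endpoint talking to an outside resolver, an endpoint talking to the firewall directly instead of via a DC, and a DC going straight to the outside instead of through the firewall. The non-DNS flow on port 443 is ignored. The same `allowed_dns_destinations` table is also a convenient checklist for the SFOS firewall rules themselves: each tier needs exactly one allow rule to the next tier on port 53 and a deny for everything else on that port.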