I need to allow DNS lookups for a particular .tk domain.
I read this old thread, but "Add an Exception for wiki.tcl.tk in 'Advanced Protection >> Advanced Threat Protection'" doesn't work. The DNS lookup traffic is still blocked.
I'm in the same situation…
It's become apparent that about 90% of the incoming external DNS requests are being blocked at the firewall.
Config:
Our public NS1 is a Windows 2012R2 server, running in a DMZ. There is a simple DNAT rule (Any -> DNS -> External IP ==> Change dest…
There have been multiple posts about the IPS alarms for suspicious DNS queries, especially alarms that occur when a lookup is attempted on a free-registration domain like .TK or .ML.
The logic of DNS blacklisting makes sense: It is easier to block a…
I've been doing some network refreshing over the past week. Today I spun up a new DHCP server pointing to new DNS servers.
The setup is pretty straightforward - we have two VLANs, phones and data. The new DHCP and DNS Servers worked fine on the Data…
Hello
I have a UTM, but when wanting to do a Network object, it does not resolve the Balancers (AWS ELB) and it does not resolve names like google.com, etc. Making the requests in support tools, I throw a ping and it does not solve the error of (The ping…
Hello,
We have 3 RED networks (working in split mode) which include multiple Windows hosts. The users RDP into those Windows hosts. Everything works; however, we want to be able to assign hostnames to our hosts so that users don't have to remember the…
Hi all, While testing some stuff on travel, I've discovered that my SSL VPN connected client can make DNS requests to ANY DNS server (home ISP router, Google public DNS etc). That's a little weird to me because my Network Protection --> Firewall --> Rules…
Sophos SG135 running UTM9.4
If I do an nslookup of dot.tk using 8.8.8.8 as the server from inside my LAN I get timeouts. From another workstation that is connected directly to the ISP it works fine. All other DNS lookups from inside the LAN work fine…
I'm new to UTM and struggling to get some basic filtering rules set up. I have no idea at this point if I'm supposed to be using web filtering or firewall rules, or if this is a separate (possible related) DNS issue.
I have several servers on a network…
Okay I have a Sophos UTM 9 Firewall set up. I have built two BIND DNS servers; one internal for doing recursive queries and one for an external domain with no recursion (so it doesn't act as if it's an open resolver.)
I've correctly configured DNATs…
Hi all,
I need some help again...
since two days we have permanent IPS-Actions:
2016:08:25-10:09:11 astaro snort[4691]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="reject" reason="BLACKLIST DNS…
Out of the blue today our UTM 9 started dropping (I think) all google domain related sites. All google related sites fail with:
Your connection is not private
Attackers might be trying to steal your information from www.google.com (for example, passwords…
Hi folks,
I read this in our weekly UTM9 report:
Most blocked source IP address is 42.120.221.11 (China), port 53 (DNS), 161.684 packets blocked.
Destination IP is the internet interface on the Sophos.
So what does that mean? Why are they sending…