Watchguard Firewall in Server 2003 Environment - DNS Issues

Posted on 2007-07-26
Last Modified: 2013-11-16
I'm having DNS woes with my newly installed Server 2003 environment.  We have a workgroup network that connects to our Watchguard Firewall via static address.  The firewall has interface0 set to internet and interface1 set to our internal network (  Interface0 is set to (

All desktops are configured static to connect to it.  The configuration on each machine would be similar to:

This week I installed a Windows Server 2003 rack server and started a domain and made it to the DC.  It is set as follows:

Now, my clients have to choose a different gateway and DNS to choose either internet / or server access.  I've tried having them point to the server's address as Gateway and DNS as I have installed DNS on the server, and set forwarding to send requests to the or address.  So far, I have been unlucky.  Anyone know what may be going wrong?

Question by:jaelae

    Expert Comment

    Do you have the WatchGuard as a DNS server?

    Author Comment

    No.  I have not seen any option to enable it as a DNS server.  Only to forward requests to other ones.

    This is a Firebox Core x1250e

    Accepted Solution

    The most likely problem is that you don't have a rule to allow outbound DNS from your Windows 2003 Server to the Internet.  Don't use the Firebox as a forwarder.  It should be one of your ISP's resolvers.  Alternatively, if you don't know the address for the forwarders, simply remove them and the Windows 2003 server will use recursive lookups and query the relevant root servers.

    Your clients need to use the Windows 2003 as sole DNS server.  Simply leave the second DNS server box blank.  DO NOT use the Firebox as secondary DNS.  DNS is critical to the normal operation of an AD domain.

    Author Comment

    Thanks for the advice.  I must have overthought this and made all the wrong changes.  I left the clients set to the Server as the DNS server (and did the same on the server) - but I set the default gateway on both to the router.  This seemed to fix it all as I can access all network resources, and I am able to access DNS based internet sites.
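
The layout the thread settled on (clients and server use the Windows 2003 DC as sole DNS server, default gateway is the firewall) can be checked from saved `ipconfig /all` output. The following is an added example, not part of the original posts; the 192.0.2.x addresses, the sample output and the function names are constructed placeholders, since the thread's real addresses are not on the page.

```python
import re

# Constructed placeholder addresses; the thread's real ones are not on the page.
DC_DNS = "192.0.2.10"    # assumed: Windows 2003 DC running DNS
FIREWALL = "192.0.2.1"   # assumed: Firebox internal interface

# Constructed `ipconfig /all` excerpt from a hypothetical misconfigured client.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.0.2.50
   Default Gateway . . . . . . . . . : 192.0.2.10
   DNS Servers . . . . . . . . . . . : 192.0.2.10
                                       192.0.2.1
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FIELDS = {"default gateway": "gateway", "dns servers": "dns"}

def parse_ipconfig(text):
    """Collect IPv4 gateway and DNS entries, including continuation lines."""
    found = {"gateway": [], "dns": []}
    current = None
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)[ .]*:\s*(.*)$", line)
        if m:  # "Label . . . : value" starts a new field
            current = FIELDS.get(m.group(1).lower())
            line = m.group(2)
        if current:
            found[current] += re.findall(IPV4, line)
    return found

def audit(cfg, dc_dns=DC_DNS, firewall=FIREWALL):
    """Return a list of deviations from the layout the thread settled on."""
    issues = []
    if dc_dns not in cfg["dns"]:
        issues.append("DC is not listed as a DNS server")
    extra = [ip for ip in cfg["dns"] if ip != dc_dns]
    if extra:
        issues.append("non-DC DNS servers configured: " + ", ".join(extra))
    if cfg["gateway"] != [firewall]:
        issues.append("default gateway is not the firewall")
    return issues

if __name__ == "__main__":
    for issue in audit(parse_ipconfig(SAMPLE)):
        print("WARN:", issue)
```
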

