level9tech
asked on
FireBox cannot resolve domain names
We implemented a FireBox x550e in place of a Cisco Pix. All the configuration settings seem to be copied over correctly. When the FireBox is in use, our DNS does not work. Using public IPs is the only way to get to Internet sites. Why would the FireBox affect our DNS? Is the DNS entered incorrectly? What else could it be?
ASKER
DNS is still not being resolved. Any ideas?
Where is your DNS hosted: is it on the inside network or at your ISP's end? If inside, make sure that you are using the internal IP and not the public IP for DNS.
Please check and update.
ASKER
I made sure that check box was unchecked in Policy Manager; also, I am sure I have the correct DNS info.
I am using our internal DNS server to resolve names. I need to because I am running a Windows domain... Any ideas what the issue could be?
As I asked in my previous post, are you using the internal IP or the external IP address for DNS? If you are using the external IP address, things would not work, because in this case the ingress and egress interface would be the same on the packet; the same thing might work in Cisco, as they implement something called hairpin.
Please note you need to use the internal IP on the machines; only then would DNS work.
One more thing: is your DNS server itself able to go to the internet and resolve sites? Also, have you created any 1-1 NAT rules and aliases for the same IP, and are you using this IP for DNS? If so, you need to remove either the alias or the 1-1 NAT.
Please provide details on whether you are able to ping/traceroute/do DNS lookups from the DNS server itself. Further, if you specify some public DNS on some machine, is the machine then able to resolve by name?
Please update.
Thank you.
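An added example, not part of the original thread: one way to check the point made in the answer above, that client machines must point at the DNS server's internal address. It parses `ipconfig /all` output and flags any DNS server outside the internal network; the sample output, the subnet 192.168.1.0/24 and every address in it are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; all addresses are assumptions.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 192.168.1.57(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.10
                                       192.168.1.5
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def dns_servers(ipconfig_text):
    """Return the DNS server addresses listed in `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+\s*", line):
            # Continuation line: additional servers are listed without a label.
            servers.append(line.strip())
        else:
            in_dns = False
    return servers


def classify(servers, internal_net):
    """Split servers into those inside the internal network and those outside it."""
    net = ipaddress.ip_network(internal_net)
    report = {"internal": [], "outside": []}
    for s in servers:
        addr = ipaddress.ip_address(s.split("%")[0])  # drop any IPv6 zone id
        inside = addr.version == net.version and addr in net
        report["internal" if inside else "outside"].append(s)
    return report


if __name__ == "__main__":
    result = classify(dns_servers(SAMPLE_IPCONFIG), "192.168.1.0/24")
    for ip in result["outside"]:
        print(f"{ip}: not an internal address; use the DNS server's internal IP")
```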
ASKER
I am using the internal IP for DNS. Is there anything inside the FireBox that I need to check? I don't understand why it's not working.
Is the DNS server itself able to resolve names and go to the internet?
ASKER
Yes, it resolves names and gets out fine.
ASKER
Anyone have any ideas?
ASKER CERTIFIED SOLUTION
To make sure that DNS is correctly defined in Policy Manager->Network->configur
The steps I have listed would depend on the software version of the WG management software; across versions the process remains the same, but the options might differ. If you have difficulty following, let me know the exact software version and I would list out the exact steps for you.
Please implement and update.
Thank you.