Solved
DNS port 53 listed as bittorrent in firewall

Posted on 2010-09-02
1,168 Views
Last Modified: 2012-08-13
Our Fortigate firewall occasionally lists port 53 (DNS) as bittorrent and, due to rules, blocks it, thus shutting down internet access. Any thoughts on how this is happening? The problem came and left mysteriously, then just came back again. Fortinet has yet to reply to my question. Thanks
Question by:Bill Doherty
7 Comments
 
Accepted Solution by siht (LVL 6, earned 500 total points), ID: 33593321
Is one of your users using bittorrent on the sly?
Most bittorrent clients allow you to set the ports they use; perhaps a user has set a bittorrent client to use port 53, but your firewall is smart enough to recognise the protocol.

That would explain the on and off nature of the issue.
 
Assisted Solution by Nuttycomputer (LVL 6, earned 500 total points), ID: 33593335
As siht said, if your firewall rules are based on stateful inspection of the application layer (L7), then this port will occasionally be blocked for several reasons.

One is, as siht stated, that the user has purposefully set their torrent client to use port 53, but more likely it's because most torrent applications DO use port 53 to resolve names of trackers. I would recommend putting a rule at the top of your firewall list to explicitly allow DNS traffic so that the rule is processed before the bittorrent one.
 
Assisted Solution by fs40490 (LVL 2, earned 500 total points), ID: 33593374
Fortigates are application-aware firewalls, and many application-aware firewalls will block traffic that is not supposed to be passing on proxied ports. It sounds like the firewall actually is blocking all port 53 traffic, which does not sound as though it is the correct action for the firewall to take. If it is truly blocking traffic dynamically, it should only block the traffic that is violating the policies while allowing other traffic to flow.

NuttyComputer, does the Fortigate process rules from top to bottom, or does it conduct a best match with regard to rules? If it processes top to bottom, I agree that it will probably work to put an explicit rule at the top, and I would not enable all of the extra checks.

If you have an internal DNS server that all of the clients point to, you should set up a rule that only accepts DNS from your internal DNS as an extra precaution.


Author Comment by Bill Doherty, ID: 33593430
Thank you all for the insight. I suspect the Fortigate is learning the application, as suggested by all, and I have tried the rule positioning as well; for some reason, once the Fortigate labels port 53 as bittorrent instead of DNS, it ignores the pass-DNS rule. My workaround is to open or pass bittorrent until I find the student smarter than me.... ;)

 
Assisted Solution by Whiterat (LVL 4, earned 500 total points), ID: 33651250
Hi mwpai,

Is everyone using the same DNS servers?

If so try placing a policy above it with access to just those servers with the service set to DNS.

Since Fortigates work top to bottom, it should hit it earlier in the chain than the application filtering policy.

Thanks,
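The ordering advice from Nuttycomputer, fs40490 and Whiterat above all rests on the same mechanism: a top-to-bottom, first-match policy table where application control is evaluated only on the row that matched. The following is an added example, not code from the original thread or from Fortinet: a small Python model of such a table that shows why a DNS-only row (restricted to the internal resolver, as fs40490 suggests) must sit above the row carrying the bittorrent block. The addresses (10.0.0.0/24 LAN, resolver at 10.0.0.53), policy names and sample flows are all constructed for the example; it models the intended behaviour the answers describe, not the asker's particular FortiGate.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """One connection as the firewall sees it after L7 inspection."""
    src: str
    dst: str
    proto: str
    dport: int
    app: str          # what application control decided the traffic is


@dataclass(frozen=True)
class Policy:
    """One row of a top-to-bottom, first-match policy table."""
    name: str
    srcnet: str
    dstnet: str
    service: tuple    # (proto, port) pairs; () means any service
    action: str       # "accept" or "deny"
    app_block: tuple = ()   # application-control list attached to this row

    def matches(self, f: Flow) -> bool:
        # Policy matching is L3/L4 only; the app verdict is not a match criterion.
        if ip_address(f.src) not in ip_network(self.srcnet):
            return False
        if ip_address(f.dst) not in ip_network(self.dstnet):
            return False
        return not self.service or (f.proto, f.dport) in self.service


def evaluate(table, flow):
    """Walk the table top to bottom; the first L3/L4 match decides.

    Application control runs only on the row that matched, so a row
    without an app-control list never blocks traffic by application.
    Returns (row name, verdict string).
    """
    for row in table:
        if row.matches(flow):
            if row.action == "deny":
                return row.name, "deny"
            if flow.app in row.app_block:
                return row.name, "deny (app control: %s)" % flow.app
            return row.name, "accept"
    return "implicit", "deny"   # no row matched: implicit deny at the bottom


# Hypothetical addressing for the example: an internal resolver at 10.0.0.53
# serving a 10.0.0.0/24 LAN.
RESOLVER = "10.0.0.53"
DNS = (("udp", 53), ("tcp", 53))

# Row 1: only the internal resolver may send DNS out, and with no app control.
ALLOW_DNS = Policy("Allow-DNS-from-resolver", RESOLVER + "/32", "0.0.0.0/0",
                   DNS, "accept")
# Row 2: everything else from the LAN, with BitTorrent blocked by app control.
GENERAL = Policy("LAN-to-WAN-appctrl", "10.0.0.0/24", "0.0.0.0/0",
                 (), "accept", app_block=("BitTorrent",))

GOOD_ORDER = [ALLOW_DNS, GENERAL]   # DNS row above the app-control row
BAD_ORDER = [GENERAL, ALLOW_DNS]    # DNS row shadowed by the app-control row

# Constructed sample flows (documentation address ranges, not real hosts).
RESOLVER_QUERY = Flow(RESOLVER, "198.51.100.1", "udp", 53, "DNS")
MISLABELLED_QUERY = Flow(RESOLVER, "198.51.100.1", "udp", 53, "BitTorrent")  # the symptom in the question
TORRENT_ON_53 = Flow("10.0.0.77", "203.0.113.9", "udp", 53, "BitTorrent")    # a client hiding a torrent client on 53
WEB = Flow("10.0.0.77", "203.0.113.10", "tcp", 80, "HTTP")


def demo():
    """Evaluate every sample flow against both orderings; returns {(order, flow): (row, verdict)}."""
    flows = {"resolver": RESOLVER_QUERY, "mislabelled": MISLABELLED_QUERY,
             "torrent-on-53": TORRENT_ON_53, "web": WEB}
    tables = {"good": GOOD_ORDER, "bad": BAD_ORDER}
    return {(t, f): evaluate(table, flow)
            for t, table in tables.items() for f, flow in flows.items()}


if __name__ == "__main__":
    for (order, name), (row, verdict) in sorted(demo().items()):
        print("%-4s %-14s -> %-24s %s" % (order, name, row, verdict))
```

With the DNS row on top, a resolver query that L7 inspection mislabels as BitTorrent is still accepted, because the row it matched carries no application-control list; with the rows swapped, the same query lands on the general row and is dropped by app control, which is the outage described in the question. A student's torrent client bound to port 53 on an ordinary LAN host never matches the resolver-only row, so it still reaches the app-control row and is blocked.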
 
Expert Comment by Whiterat (LVL 4), ID: 33651257
Or edit the App control list and add DNS as pass above the one to block bittorrent.
 

Author Closing Comment by Bill Doherty, ID: 33770600
All expert advice was easily understood; however, it did not work as intended. Fortinet suggests I do an upgrade, with which the problem may be resolved. I feel that the system is doing what it is designed to do: learn and adapt to changes that can degrade a system. It is a case of someone staying ahead of the firewall. What happens when users start using port 80 for programs? Will firewalls shut down everything? It looks that way.... Thanks for the help, everyone!...
