DNS forwarding through NG F300, and NG F100DNS
Posted 03 July 2012 - 01:02 PM
Can someone please tell me how to turn DNS forwarding on? I currently use OpenDNS settings and would simply like to configure internal clients to the firewall, then firewall forward to OpenDNS IPs, but don't know how to set this up.
Posted 03 July 2012 - 08:09 PM
Hello again. All you have to do is set up a Redirect/DstNAT rule which forwards UDP 53 to the desired DNS IP address. You can set up your LAN IP address as the DNS server on the clients and forward all traffic to that address on UDP 53 to your external DNS server. In fact I do this on my Barracuda. You can also set up the DNS caching service on each firewall and forward traffic to the desired DNS server.
Posted 15 July 2012 - 10:21 AM
Then you don't need to make any changes on the workstation within the network.
Posted 16 July 2012 - 08:39 AM
Thanks for the post. So all my clients are changed already (pointing to OpenDNS public IPs for basic blocking purposes). With your post above, would I then point my clients to the internal IP of the firewall?
Is there a pro/con of doing one vs the other?
Thanks for your help!
Posted 16 July 2012 - 10:11 AM
The other advantage is that we can do DNS blacklisting on the NGFW, so if you want to block say www.facebook.com we can do that very easily.
admin settings > advanced on 5.2.3
virtual servers > firewall > forwarding settings on 5.2.4
You can test it easily. Just go into admin settings and enable advanced mode, and then turn on the DNS caching.
Then there should already be a DNS intercept rule that you can use. Change it to just your IP as the source so you can test and not impact everyone else.
It should redirect to 127.0.0.1
If you don't have the rule, just create a new App redirect rule as follows:
Type: App redirect
Source: Your machine (or the whole Trusted LAN)
Destination: World (0.0.0.0/0)
Posted 20 August 2012 - 10:05 AM