https://community.cisco.com/t5/network-security/fwsm-critical-message/m-p/913246#M960655 <HTML><HEAD></HEAD><BODY><P>it sounds like a valid dns response has already been detected and allowed through the firewall. i would do some testing and see if this is the case. you may need to do a packet capture and verify this.</P></BODY></HTML> Fri, 26 Oct 2007 04:57:50 GMT palomoj 2007-10-26T04:57:50Z https://community.cisco.com/t5/network-security/fwsm-critical-message/m-p/913245#M960654 <P>Hi,</P><P></P><P>below is the message i get from FWSM. The IP's always change but what i see is its always any of the Windows DC's located across globe.</P><P></P><P>2007-10-26 00:42:18 Local4.Critical &lt;FWSM IP&gt; Oct 26 2007 00:42:51: %FWSM-2-106007: Deny inbound UDP from &lt;IP/53&gt; to &lt;IP/dynamic port&gt; due to DNS Response</P><P></P><P>Any clue on what could cause and why suddenly these message bombard in the logs. We have DNS inspect enabled since scratch. Please advice.</P> Mon, 11 Mar 2019 11:31:03 GMT https://community.cisco.com/t5/network-security/fwsm-critical-message/m-p/913245#M960654 jaravinthan 2019-03-11T11:31:03Z https://community.cisco.com/t5/network-security/fwsm-critical-message/m-p/913246#M960655 <HTML><HEAD></HEAD><BODY><P>it sounds like a valid dns response has already been detected and allowed through the firewall. i would do some testing and see if this is the case. you may need to do a packet capture and verify this.</P></BODY></HTML> Fri, 26 Oct 2007 04:57:50 GMT https://community.cisco.com/t5/network-security/fwsm-critical-message/m-p/913246#M960655 palomoj 2007-10-26T04:57:50Z