
Intercept and redirect traffic

HQuest
Level 1

On an FMC/FTD environment, any ideas how to intercept and redirect NTP and/or DNS traffic from specific clients? There are a few appliances with hardcoded NTP/DNS entries, which I would totally prefer to use my internal systems to provide them access to these resources, instead of blocking them, or letting them go through on their own. The catch is, I don't always know the destination IP address - particularly true for the pool of NTP servers.

 

I know I can do a static NAT when I do know the destination address(es): have this working on a similar scenario, but with the randomness of the NTP pool of servers, this is pretty tricky...

 

[Edit] Well, never mind: it seems I can add my very own "IPv4-Any" object instead of trying to use the system-provided "any-ipv4", and that does the trick.

 

Thanks!

1 Reply

wherewolf
Level 1

I know this thread is rather old, but I'm looking for a solution to external hardcoded NTP or DNS on certain devices and would like to use the firewall to intercept these requests from certain VRFs and redirect to internal NTP servers. It appears that you determined a solution, but didn't post the details. Can you elaborate? Many thanks!
