FTD 6.4 DNS

Gerald74
Level 1

I have an FTD 6.4 managed by FMC.

The problem I have is that the internet is very slow and the website pages don't load at all, but when I set the DNS to e.g. 220.x.x.x on the computer, the internet connection works very well/fast without any problems.

PC internet not working:

IP 192.168.1.10

Mask 255.255.255.0

GW 192.168.1.254 (FTD inside)

 

PC internet working:

IP 192.168.1.10

Mask 255.255.255.0

GW 192.168.1.254 (FTD inside)

DNS ISP 220.x.x.x.

 

Any help would be appreciated.

Thank you.


Hi @Gerald74 

What DNS server(s) are you specifying when it does not work (you haven't identified it)?

Do you have an internal DNS server, if so have you configured DNS forwarders?

Run a packet capture and confirm the traffic is being permitted through the firewall.

"What DNS server(s) are you specifying when it does not work (you haven't identified it)?"

- gateway (FTD inside)

"Do you have an internal DNS server, if so have you configured DNS forwarders?"

- I have an internal DNS server, e.g. (PC IP 192.168.1.10, DNS AD Server 192.168.1.1)

If you have AD you would need to configure the PC to use the AD server for DNS and ensure the AD server has a forwarder to the ISP's DNS servers.

Thank you 

"the AD server has a forwarder to the ISP's DNS servers."

How can I make this on FMC?

Where are your clients getting their IP addresses from, internal DHCP or through the FTD? The options to set the DNS, gateway and so on would be configured on the DHCP scope.

Internal DHCP, but all computers have static IP addresses.

Thank you very much, but I don't have an ASA. I saw your post a long time ago, and almost all of your posts about FMC.

I'll try what Rob says.

"Is the FTD configured to relay the DNS requests?" NO

 

Thank you

 

If the clients are set with static IP addresses, why not set your internal DNS IP on them so they can send the DNS requests to your internal DNS server, which will then relay them to the public DNS?

Thank you for your advice, I will try...

Is the FTD configured to relay the DNS requests? If not, you might need to apply a NAT rule to allow the FTD to relay any DNS request coming from the clients to itself. Please remember, the FTD in itself does not act as a DNS server; however, you can still use its IP address as the DNS server on the client side, but you need to define a NAT rule on the FTD to relay those DNS requests to a real DNS server, whether external or internal. However, this would not be a best practice, and what @Rob Ingram suggested would be the best option. If you are curious to know how the ASA and FTD would kinda act as a DNS server, please take a look at my blog post here:

https://bluenetsec.com/asa-dns-server/
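The replies above boil down to one question: which of the three candidate resolvers (the FTD inside interface, the AD DNS server, the ISP resolver) actually answers a DNS query from the client. The following script is an added example, not code from the thread or from Cisco; it sends a minimal DNS A query to each candidate and reports whether a reply comes back and with what response code. The ISP address is a placeholder, since the post only gives 220.x.x.x, and the AD server address 192.168.1.1 is taken from the thread.

```python
import socket
import struct

# Candidate resolvers named in the thread. The ISP value is a placeholder
# (the post only shows 220.x.x.x), not a real resolver address.
CANDIDATES = {
    "FTD inside": "192.168.1.254",
    "AD DNS": "192.168.1.1",
    "ISP DNS (placeholder)": "220.0.0.1",
}

def build_query(name, txid=0x1234):
    """Build a minimal DNS A query with the recursion-desired flag set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE A, QCLASS IN

def parse_response(data, txid=0x1234):
    """Return (rcode, answer_count) for a matching reply, or None otherwise."""
    if len(data) < 12:
        return None
    rid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction id or not a response
        return None
    return flags & 0x000F, an

def probe(server, name="example.com", timeout=2.0):
    """Send one query over UDP/53; None means no usable reply within the timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(512)
        return parse_response(data)
    except (socket.timeout, OSError):
        return None
    finally:
        sock.close()

if __name__ == "__main__":
    # A resolver that never replies (as a client pointed at the FTD inside IP
    # would see without a NAT/relay rule) shows up here as "no reply".
    for label, ip in CANDIDATES.items():
        result = probe(ip)
        print(f"{label:24s} {ip:16s}", "no reply" if result is None
              else f"rcode={result[0]} answers={result[1]}")
```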
