07-17-2021 12:50 AM
Have a 1010 running 6.6.4 with 10 rules, 1 of which allows the internal DNS server outbound DNS over UDP and TCP for the server from inside to outside. The server fails DNS resolution and packet tracer shows the traffic dropped because it hits the default deny any any rule. I also tried removing the port restrictions and changing the rule to Trust vs Allow, but all yielded the same result. If I change the default action on the policy to Allow it works without any issue. Is there a setting I'm missing?
07-17-2021 12:58 AM
Traffic isn't matching that rule for some reason; can you provide a screenshot of your rule?
You could also run "system support firewall-engine-debug" command from the CLI, filter on the source IP address of the internal DNS server and provide the output for review.
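The reply above is pointing at the usual cause of "hits the default deny": first-match evaluation, where a flow that matches none of the rules falls through to the policy's default action. As an added illustration (not Cisco code, and a simplification of how FTD access control actually evaluates a connection), the following constructed model runs a DNS server's outbound UDP/TCP 53 flow against a rule whose source network object was entered wrongly and against the corrected rule; all zones, addresses and rule names are made up for the example.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# One connection as the firewall classifies it (zone, address, protocol, destination port).
Flow = namedtuple("Flow", "src_zone dst_zone src_ip dst_ip proto dst_port")

def _in_nets(ip, nets):
    # Empty condition means "any"; otherwise the address must fall in one listed CIDR.
    return not nets or any(ip_address(ip) in ip_network(n) for n in nets)

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow", "trust" or "block"
    src_zones: frozenset = frozenset()   # empty = any
    dst_zones: frozenset = frozenset()
    src_nets: tuple = ()             # CIDR strings; empty = any
    dst_nets: tuple = ()
    ports: frozenset = frozenset()   # (proto, dst_port) pairs; empty = any

    def matches(self, f: Flow) -> bool:
        # Every populated condition must match for the rule to apply.
        return ((not self.src_zones or f.src_zone in self.src_zones)
                and (not self.dst_zones or f.dst_zone in self.dst_zones)
                and _in_nets(f.src_ip, self.src_nets)
                and _in_nets(f.dst_ip, self.dst_nets)
                and (not self.ports or (f.proto, f.dst_port) in self.ports))

def evaluate(rules, flow, default_action="block"):
    """First match wins; if no rule matches, the policy's default action decides."""
    for r in rules:
        if r.matches(flow):
            return r.name, r.action
    return "Default Action", default_action

DNS_PORTS = frozenset({("udp", 53), ("tcp", 53)})
# Constructed sample: internal DNS server 10.0.0.53 querying an external resolver.
DNS_FLOW = Flow("inside", "outside", "10.0.0.53", "198.51.100.1", "udp", 53)
# Rule as mis-entered: the source network object does not contain the DNS server.
BROKEN_RULE = Rule("DNS-out", "allow", frozenset({"inside"}), frozenset({"outside"}),
                   ("10.0.1.0/24",), (), DNS_PORTS)
# Corrected rule: source network covers the server's actual address.
FIXED_RULE = Rule("DNS-out", "allow", frozenset({"inside"}), frozenset({"outside"}),
                  ("10.0.0.53/32",), (), DNS_PORTS)

if __name__ == "__main__":
    print(evaluate([BROKEN_RULE], DNS_FLOW))   # ('Default Action', 'block')
    print(evaluate([FIXED_RULE], DNS_FLOW))    # ('DNS-out', 'allow')
```

Flipping the policy default to Allow, as the original post tried, makes the flow pass only because nothing matched; the model makes that visible by naming which rule (or the default action) decided.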
07-17-2021 07:03 AM - edited 07-17-2021 07:08 AM
Thanks for the reply. After pulling it out and reviewing it in more detail I found the problem with the rule, so I will redeploy.