Sites returning DNS responses with low TTL cause unpredictable access

Marvin Rhoads
Hall of Fame

As noted in the subject of this discussion, I am encountering this issue.

The use case is restricting outbound smtps (tcp/587) to allow access only to smtp.office365.com. The customer environment is FMC-managed FTD 2140 with 6.4.0.4 software. DNS server groups are set up and the ACP is *mostly* working.

However, at unpredictable intervals, some printers are not able to communicate to the O365 servers. Analysis of Connection Events shows they are hitting a Block despite the destination address resolving to smtp.office365.com as verified on the FTD appliance itself.

[Attachment: FQDN ACP SMTP Issue.PNG]

This article seems to highlight the problem but doesn't suggest a workaround:

https://community.cisco.com/t5/security-documents/using-hostnames-dns-in-access-lists-configuration-steps-caveats/ta-p/3123480#toc-hId--1214252331

I will open a TAC case when I get a chance but thought I'd try here first.
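The intermittent block described above, modeled as an added example (this is not code from the original post, from Cisco, or from the FTD software). It assumes a constructed RFC 5737 address pool standing in for the name's real answers, a simplified FQDN object that re-resolves only when its cached TTL lapses, and that the printers resolve through a different DNS cache than the FTD's DNS server group, so the two caches rotate through the pool out of step. The names `RoundRobinResolver`, `FqdnRule`, `StaticRule`, `simulate` and `harvest` are illustrative, not FTD APIs.

```python
"""Model of an FQDN access rule meeting a low-TTL, round-robin DNS name.

The firewall resolves the FQDN object itself, keeps the answer until the TTL
expires, and compares each connection's destination IP against that cached
set. A client that resolves the same name through another DNS cache can be
handed an address the firewall has not seen yet, and the connection is
blocked even though both sides resolved the "right" name.
"""

# Constructed address pool for the illustration; these are documentation
# addresses (RFC 5737), not real smtp.office365.com data.
POOL = ["203.0.113.10", "203.0.113.11", "203.0.113.12",
        "203.0.113.13", "203.0.113.14", "203.0.113.15"]
ANSWER_SIZE = 2   # each response carries only a slice of the pool
TTL = 10          # seconds; deliberately short, as on low-TTL names


class RoundRobinResolver:
    """A DNS cache that hands out a rotating ANSWER_SIZE-wide window over POOL.

    Each instance stands for one independent cache (e.g. the FTD's DNS server
    group versus the printers' DNS server); their rotations are not in step.
    """

    def __init__(self, pool=POOL, answer_size=ANSWER_SIZE, ttl=TTL):
        self._pool, self._n, self._ttl = list(pool), answer_size, ttl
        self._offset = 0

    def resolve(self, name):
        n = len(self._pool)
        answer = [self._pool[(self._offset + i) % n] for i in range(self._n)]
        self._offset = (self._offset + self._n) % n
        return answer, self._ttl


class FqdnRule:
    """Firewall-side FQDN object (assumed model): re-resolves only when its
    cached TTL lapses, and matches only the addresses in that last answer."""

    def __init__(self, name, resolver):
        self.name, self.resolver = name, resolver
        self.addrs, self.expires_at = set(), -1

    def permits(self, dst_ip, now):
        if now >= self.expires_at:
            answer, ttl = self.resolver.resolve(self.name)
            self.addrs, self.expires_at = set(answer), now + ttl
        return dst_ip in self.addrs


class StaticRule:
    """Plain IP-list rule, for comparison: no resolution, no expiry."""

    def __init__(self, addrs):
        self.addrs = set(addrs)

    def permits(self, dst_ip, now):
        return dst_ip in self.addrs


def simulate(name, rule, client_resolver, connection_times):
    """One connection per timestamp: the client resolves independently and
    connects to the first answer; the rule judges the destination IP."""
    events = []
    for t in connection_times:
        dst = client_resolver.resolve(name)[0][0]
        action = "Allow" if rule.permits(dst, t) else "Block"
        events.append((t, dst, action))
    return events


def harvest(name, resolver, queries):
    """Union of every address seen over several queries, i.e. what a rule
    would need to hold to match whatever the client is handed."""
    seen = set()
    for _ in range(queries):
        seen.update(resolver.resolve(name)[0])
    return seen


if __name__ == "__main__":
    name = "smtp.office365.com"
    times = list(range(0, 24, 3))   # a connection every 3 s for 24 s
    fqdn_events = simulate(name, FqdnRule(name, RoundRobinResolver()),
                           RoundRobinResolver(), times)
    for t, dst, action in fqdn_events:
        print(f"t={t:2d}s dst={dst}  {action}")
    full_set = harvest(name, RoundRobinResolver(), queries=3)
    static_events = simulate(name, StaticRule(full_set),
                             RoundRobinResolver(), times)
    print("blocks with FQDN rule:",
          sum(a == "Block" for _, _, a in fqdn_events))
    print("blocks with harvested IP list:",
          sum(a == "Block" for _, _, a in static_events))
```

Running it, half of the connections to the correctly resolved name are blocked by the FQDN rule because the firewall's cached answer is a two-address slice while the printer was handed a different slice; a rule built from the union of several queries lets every one through. The same comparison can be made against a live environment by repeatedly querying the name from both the FTD's DNS servers and the printers' and diffing the answer sets, which is a cheap way to confirm this is the cause before the TAC case.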

1 Reply

nspasov
Cisco Employee

Thank you for reporting this Marvin! Let us know what TAC comes back with.
