01-19-2018 11:30 AM - last edited on 02-21-2020 11:35 PM by cc_security_adm
To all:
I am trying to configure FMC/FTD to use my client's internal DNS servers for guest wireless. The interface for the guest wireless hangs off the FTD appliance and I have the policy built in FMC to allow DNS traffic from the guest wireless network inbound and vice versa. However, in the one location, they must have DNS inspection for one NAT statement that requires DNS doctoring. If I disable DNS inspection, they can reach the internal DNS servers. Otherwise, it fails with the following drop-reason:
(inspect-dns-invalid-pak) DNS Inspect invalid packet
I can't figure out how to get around this problem in FTD.
TIA for any ideas,
Dan