RodneyMcSnow
Technical User
I have set up a TZ400 to allow only ports 80, 443 and 53 from LAN to WAN, but I end up seeing DNS rebind attacks and most of the time I am unable to browse to the Internet due to the attacks.
The WAN to LAN is set to discard everything, and I have also enabled the DNS rebind attack to drop and log, but I am still having issues.
I see a lot of net mapping errors and ICMP messages.
If I remove the DNS from the outbound allowed LAN to WAN options, I will never reach the Internet, but others have informed me that I must not allow DNS to the WAN.
Am I missing something here? You need DNS to reach out to the Internet DNS servers to resolve addresses, so how else could this be accomplished?
I was using the local ISP for DNS and have now changed to OpenDNS.
There is no server on the network, just desktops that use the SonicWall as a gateway and to protect the LAN computers.
If the WAN to LAN rule is set to discard, no traffic is allowed in, but there has to be something going on that is causing the Internet interruption and failure to resolve DNS.