How do I block DNS traffic from getting out through a firebox?
I made policies trying everything I could think of to block all traffic from getting out from a host on one of my VLANs, but DNS still gets through. I see it's an Internal policy that's being allowed even if I try blocking Any to the Firebox.
Allow 172.16.55.2 172.16.55.1 dns/udp 57636 53 VLAN_01 Firebox DNS Forwarding 60 63 (Internal Policy) proc_id="firewall" rc="100" msg_id="3000-0148" record_type="A" question="www.google.com"
I have DNS Watch configured on the firebox but even if I don't have it enforced for the interface, DNS resolution is still occurring for the host.
The host is on a wired extension from a WG Access Point on VLAN_01 and has a NAT IP of 192.168.55.1. The Firebox sees the host as 172.16.55.2, as shown in the log.
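A small parser for traffic-log lines of the shape quoted in the question, added here as an example and not part of the original post. It pulls out the source, destination port, matching policy and the "(Internal Policy)" marker, then lists the DNS flows from a given host that were allowed by an internal policy rather than by a user-defined rule, which is exactly the traffic the block policies above never get to see. The field names, the meaning of the two numeric fields after the policy name, and the extra sample lines are assumptions constructed from the single log line in the post, not from WatchGuard documentation; real log lines may carry a timestamp and hostname prefix that this regex expects to have been stripped.

```python
"""Parse Firebox traffic-log lines like the one quoted above and flag DNS
flows that were allowed by a built-in "(Internal Policy)" instead of a
user-defined policy.  Added example; field names are assumptions inferred
from the one log line in the post, not from WatchGuard documentation."""
import re
from typing import Optional

# The policy name can contain spaces ("DNS Forwarding"), so it is matched
# lazily and anchored by the two numeric fields that follow it.  The meaning
# of those two numbers is not inferred here (assumption: opaque counters).
# The "(Internal Policy)" marker and the trailing key=value pairs are optional.
LINE_RE = re.compile(
    r"^(?P<action>\w+)\s+"
    r"(?P<src_ip>\S+)\s+(?P<dst_ip>\S+)\s+"
    r"(?P<service>\S+)\s+"                 # e.g. dns/udp
    r"(?P<src_port>\d+)\s+(?P<dst_port>\d+)\s+"
    r"(?P<src_if>\S+)\s+(?P<dst_if>\S+)\s+"
    r"(?P<policy>.+?)\s+"                  # policy name, may contain spaces
    r"(?P<num1>\d+)\s+(?P<num2>\d+)"       # two numeric fields, left opaque
    r"(?:\s+\((?P<tag>[^)]+)\))?"          # optional "(Internal Policy)"
    r"\s*(?P<kv>.*)$"
)
# key="quoted value" or key=bare_value
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line: str) -> Optional[dict]:
    """Return a dict of the line's fields, or None if it is not a traffic-log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {k: v for k, v in m.groupdict().items() if k != "kv"}
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    # Fold the trailing key=value pairs (proc_id, msg_id, question, ...) in.
    for kv in KV_RE.finditer(m.group("kv")):
        key, quoted, bare = kv.groups()
        rec[key] = quoted if quoted is not None else bare
    return rec


def dns_bypass_hits(lines, host: str) -> list:
    """Records where `host` was allowed to send DNS (dst port 53) by a policy
    the Firebox tagged as an internal policy, i.e. traffic that the
    user-defined block rules never matched."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["action"] == "Allow" and rec["src_ip"] == host
                and rec["dst_port"] == 53 and rec.get("tag") == "Internal Policy"):
            hits.append(rec)
    return hits


# Constructed sample log: the first line is the one quoted in the question,
# the other two are made up to show a user-policy deny and a non-DNS allow.
SAMPLE_LINES = [
    'Allow 172.16.55.2 172.16.55.1 dns/udp 57636 53 VLAN_01 Firebox DNS Forwarding 60 63 '
    '(Internal Policy) proc_id="firewall" rc="100" msg_id="3000-0148" record_type="A" '
    'question="www.google.com"',
    'Deny 172.16.55.2 8.8.8.8 dns/udp 50123 53 VLAN_01 External Block-All-Out 60 64 '
    'proc_id="firewall"',
    'Allow 172.16.55.3 172.16.55.1 https/tcp 40001 443 VLAN_01 Firebox Mgmt-HTTPS 60 63 '
    'proc_id="firewall"',
]

if __name__ == "__main__":
    for hit in dns_bypass_hits(SAMPLE_LINES, "172.16.55.2"):
        print(f'{hit["src_ip"]} -> {hit["dst_ip"]}:{hit["dst_port"]} '
              f'allowed by "{hit["policy"]}" ({hit["tag"]}) '
              f'question={hit.get("question")}')
```

Run it against a log export with the timestamp prefix removed to see which host-to-Firebox DNS flows are being answered by the internal "DNS Forwarding" policy rather than by anything you configured.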