Options

DNSWatch protected network in Firefox - Just an IP adress?

JordiJordi
in DNSWatch - General

Hi,

We have activated the DNSWatch in our Firefox now. We see in DNSWacth site it, everything looks fine.

But we see that the messages for block sites and content police are the generics and not the customiced.

In my opinion, it is becouse the protected network of the Firefox is just a public IP (/32) but we have more than an IP (/28) and the users goes out by other public IP than the firefox.

The option to add protected network in the DNSWacth site say that we need a extra license

Anybody know how to do it?

Thanks in advanced,
Jordi.

Comments

  • Options
    Bruce_BriggsBruce_Briggs

    Is DNSWatch enabled on all internal firewall interfaces?
    If so, then there is nothing else that you need to do.

  • Options
    JordiJordi

    Yes, they are all enabled and enforced.

    But the outgoing trafic is using a Dynamic NAT from LAN interface to External Inteface for all users. It is a diferent Public IP than the Fireboxs Public IP.

    In my opinion, it is the reason of show generics messages for block sites and content police and not the customiced.

  • Options
    Bruce_BriggsBruce_Briggs
    edited January 25

    Perhaps this?
    Victim — The public IP address of the protected network from which the DNS request was received

    View DNSWatch Alert Details
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/dnswatch/dnswatch_alerts_view_c.html

    To see the details - click on the VIEW button in the Alert column.

    If there is still no private IP addr for the Victim IP addresses etc. listed for the detail, see this article:
    Cannot view details of the victim IP address in DNSWatch
    https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000bpWiSAI&lang=en_US

  • Options
    JordiJordi

    Thanks Bruce,
    But the Alert details is fully empty (fortunately). I am doing the test with http://test.strongarm.io but it looks that it does not created an alert there....

    It looks than the DNSAlert is checking my IP of the browser x.x.x.y/32 with the IP of the DNSAlert registre of our Firebox x.x.x.z/32. Both are in our Public IP range x.x.x.a/28.

  • Options
    Bruce_BriggsBruce_Briggs

    When I access the test site, I see my internal IP addr in the Alert details
    Victim IP addresses 10.0.1.2

    Consider opening a support case on this.
    You can do so using the Support Center link above.

Sign In to comment.