DNS LIMIT-DROP
Hello,
M270 + FW 12.5.2
LIMIT-DROP logs like this started popping up.
Nothing special on the bind9 192.168.10.104 DNS server used for internal caching.
nstx tunnel is blocked by policy but I've never seen it triggered.
I'm a little SMB of about 25 computers and a few VPN users.
What exactly are the logs telling me?
Thank you in advance.
Deny 192.168.10.104 208.87.233.190 dns/udp 1914 53 0-INT-PUBLIC-BRIDGE Firebox LIMIT-DROP
Deny 192.168.10.104 192.55.83.30 dns/udp 13042 53 0-INT-PUBLIC-BRIDGE Firebox LIMIT-DROP
Deny 192.168.10.104 184.28.114.60 dns/udp 40488 53 0-INT-PUBLIC-BRIDGE Firebox LIMIT-DROP
Deny 192.168.10.104 192.41.162.30 dns/udp 7745 53 0-INT-PUBLIC-BRIDGE Firebox LIMIT-DROP
Comments
Hi @Steve_E
This is default threat protection limiting your traffic:
(About Default Packet Handling)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/intrusionprevention/default_pkt_handling_opt_about_c.html
You've probably exceeded your UDP flood threshold.
If you've never seen this before, something has increased the amount of traffic. If this is normal traffic for your network, try doubling the number that's there and see if that helps.
-James Carson
WatchGuard Customer Support
*Note that a dropped DNS request makes more DNS requests, so them being dropped is most likely causing a much larger number of them to come to the firewall.
-James Carson
WatchGuard Customer Support
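To see which internal host is actually tripping the UDP flood limiter, and whether anything other than the caching resolver is sending DNS out, here is an added example (not from the thread or from WatchGuard) that parses traffic-log lines in the shape quoted above. It assumes the field order shown in the Deny lines; the Allow line and the second internal host in the sample are constructed.

```python
import re
from collections import Counter

# Firebox traffic-log shape as quoted in the thread:
#   Deny <src> <dst> <service>/<transport> <sport> <dport> <interface> Firebox LIMIT-DROP
LINE_RE = re.compile(
    r"^(?P<action>Allow|Deny)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<service>[^/\s]+)/(?P<transport>\w+)\s+(?P<sport>\d+)\s+(?P<dport>\d+)\s+"
    r"(?P<iface>\S+)\s+Firebox\s+(?P<reason>\S+)$"
)

# Constructed sample: the four lines from the thread plus two made-up ones
# (a second internal host and an allowed query) to exercise the checks.
SAMPLE_LOG = """\
Deny 192.168.10.104 208.87.233.190 dns/udp 1914 53 0-INT-PUBLIC-BRIDGE Firebox LIMIT-DROP
Deny 192.168.10.104 192.55.83.30 dns/udp 13042 53 0-INT-PUBLIC-BRIDGE Firebox LIMIT-DROP
Deny 192.168.10.104 184.28.114.60 dns/udp 40488 53 0-INT-PUBLIC-BRIDGE Firebox LIMIT-DROP
Deny 192.168.10.104 192.41.162.30 dns/udp 7745 53 0-INT-PUBLIC-BRIDGE Firebox LIMIT-DROP
Deny 192.168.10.57 203.0.113.53 dns/udp 51234 53 0-INT-PUBLIC-BRIDGE Firebox LIMIT-DROP
Allow 192.168.10.104 192.41.162.30 dns/udp 7746 53 0-INT-PUBLIC-BRIDGE Firebox Allowed
"""


def parse_line(line):
    """Return a dict of fields for one traffic-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def parse_log(text):
    """Parse every line of a log dump, silently skipping lines in another format."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def limit_drops_by_source(records):
    """Count LIMIT-DROP events per internal source; the top entry is the host tripping the limiter."""
    return Counter(r["src"] for r in records if r["reason"] == "LIMIT-DROP")


def dns_sources_other_than(records, resolver_ip):
    """Internal hosts sending UDP/53 outbound that are not the caching resolver.
    Where only the resolver should reach external DNS, any hit here deserves a look."""
    return sorted({r["src"] for r in records
                   if r["transport"] == "udp" and r["dport"] == 53 and r["src"] != resolver_ip})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(limit_drops_by_source(recs).most_common())
    print(dns_sources_other_than(recs, "192.168.10.104"))
```

A resolver at the top of the drop count is expected when it is the only host doing recursion for 25 machines; a client PC there, or any host returned by the second check, is what to chase before raising the threshold.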
Thank you.
I don't think there was a traffic trouble.
Fixed by going back to an old config and rebuilt with the same settings from there up.