
DNS packet errors and VPN drops

Yesterday I solved the problem of the ZScaler app not working (thanks, Bruce). After resolving that, another issue has cropped up behind it.

I have a "Pulse VPN" client trying to initiate a VPN connection from the same ZScaler node. The VPN initiates, connects, then immediately drops and starts the reconnection process.

The only things showing in the logs are groups of these dns/udp DENY errors. Other than that, it appears that no traffic in/out of that client is being stopped.

The logs show the VPN initiating from this node immediately before these errors.

1-01-05 14:53:36 Deny 192.168.9.113 192.168.9.254 dns/udp 64832 53 Home Firebox Denied 71 128 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148"
2021-01-05 14:53:42 Deny 192.168.9.113 192.168.9.254 dns/udp 56633 53 Home Firebox Denied 77 128 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148"
2021-01-05 14:53:54 Deny 192.168.9.113 192.168.9.254 dns/udp 59621 53 Home Firebox Denied 71 128 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148"

Do these errors have anything to do with the VPN's constant drop/reconnect?
If I want to allow ALL outbound traffic from this node without filtering, could I just throw in a policy - an ANY packet filter from the node IP to the external interface?
