Instant firewall rules blocking DNS even though it is allowed
01-17-2014 12:29 PM
Hi,
I had a situation with some Instants where the DNS requests were blocked, even though I had explicitly allowed them. It is for guest traffic that is using a corp DNS on the 192.168.0.0 network.
The rules were as such:
svc-dhcp any allow
svc-dns any allow
any network 192.168.0.0/16 deny
any any permit
No response from the DNS server on 192.168.100.250. Unless I've misunderstood the firewall rule, this should have worked?
The clients are also on a 192.168.154.0 subnet as well, so maybe that has something to do with it.
If my post is helpful please give kudos, or mark as solved if it answers your post.
ACCP, ACCX #817, ACMP, ACMX #294
Re: Instant firewall rules blocking DNS even though it is allowed
01-17-2014 08:40 PM - edited 01-17-2014 08:42 PM
Is that an instant rule?
Instant AP rules look more like this:
wlan access-rule Casa
index 2
rule any any match any any any permit log
What you have there looks more like a Controller firewall rule, though. Or did you type it like that because it was easier for the forum users to read?
Cheers
Carlos
Product Manager - Aruba Networks
Alternetworks Corp
Re: Instant firewall rules blocking DNS even though it is allowed
01-18-2014 02:58 AM
Carlos, actually it is for Instants, but I was writing the rule off the top of my head. The actual rules are
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
rule 192.168.0.0 255.255.0.0 match any any any deny
rule any any match any any any permit
but even if I put 'rule 192.168.101.250 255.255.255.255 match any any any permit' above the deny rule, it still doesn't get DNS.
AP225s version 4.0.0.1
If my post is helpful please give kudos, or mark as solved if it answers your post.
ACCP, ACCX #817, ACMP, ACMX #294
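As an added illustration, not part of any post in this thread: a small Python model that applies top-down, first-match evaluation to the rule list from the post above, which helps separate what the rule order itself decides from whatever else affects the traffic. The field order, the first-match semantics and the deny-when-nothing-matches fallback are assumptions; `parse_rule` and `evaluate` are hypothetical helper names and the sample packets are constructed.

```python
import ipaddress

# Rule list copied from the post above.
RULES = """\
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
rule 192.168.0.0 255.255.0.0 match any any any deny
rule any any match any any any permit
"""

def parse_rule(line):
    # Assumed field order:
    # rule <dest> <mask> match <proto> <start-port> <end-port> <action>
    f = line.split()
    if len(f) != 8 or f[0] != "rule" or f[3] != "match":
        raise ValueError(f"unrecognised rule: {line!r}")
    dest = None if f[1] == "any" else ipaddress.ip_network(f"{f[1]}/{f[2]}")
    proto = None if f[4] == "any" else f[4]
    ports = None if f[5] == "any" else (int(f[5]), int(f[6]))
    return {"dest": dest, "proto": proto, "ports": ports, "action": f[7]}

def evaluate(rules, dst_ip, proto, dst_port):
    """Return (rule number, action) for the first rule that matches."""
    addr = ipaddress.ip_address(dst_ip)
    for number, r in enumerate(rules, 1):
        if r["dest"] is not None and addr not in r["dest"]:
            continue
        if r["proto"] is not None and r["proto"] != proto:
            continue
        if r["ports"] is not None and not r["ports"][0] <= dst_port <= r["ports"][1]:
            continue
        return number, r["action"]
    return None, "deny"  # assumption: nothing matched means deny

PARSED = [parse_rule(line) for line in RULES.splitlines()]

if __name__ == "__main__":
    # Constructed sample packets: (destination, protocol, destination port)
    for pkt in [("192.168.100.250", "udp", 53),
                ("192.168.100.250", "tcp", 53),
                ("192.168.154.1", "udp", 67),
                ("8.8.8.8", "tcp", 443)]:
        print(pkt, "->", evaluate(PARSED, *pkt))
```

Under these assumptions UDP 53 to 192.168.100.250 matches rule 2 before the deny, while TCP 53 to the same host falls through to the deny on rule 3.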