  1. #1

    Oaktech

    Random problem

    Ok, bear with me, this one is a bit complicated.

    We currently run a SWGFL connection, through 2 ISA servers. We host around a dozen services internally. Some are dealt with via external IPs on the SWGFL router and our external DNS manager, vidahosts; some are dealt with using a single IP and our internal DNS to shoot the requests around.

    We are moving away from SWGFL and going with City fibre using a Palo Alto PA3020. We have a live connection and the Palo is working, but most users are not working from it as we have not changed the 0.0.0.0/0 route in our L3 core. A few users (i.e. IT) have changed the default gateway to be the Palo. Most things are working fine, but we have an oddity we can't get to the bottom of.

    If you are on the SWGFL connection, our internally hosted website oak.leaf.bournemouth.sch.uk works. If you are on an external connection - like a mobile - it works. If you are on the Palo/City fibre connection, that website doesn't work - it comes back with a DNS error. If you look at the Palo monitoring it shows the request as incomplete, which it is, as the IP that is being passed to the Palo is 217.179.112.20; it should be 217.179.112.205.

    Predictably, Gamma, our Palo supplier, are blaming our internal DNS or SWGFL. SWGFL are blaming the Palo, and I'm stuck in the middle with a website that we own and can't access!

    Anyone got any idea where it's going wrong?

  2. #2

    What do you have set as your DNS server when you go out of the Palo?

    Does whatever it is also have its default gateway set to be the Palo, and does it also have upstream DNS servers it uses?

    Dave

  3. #3

    Oaktech
    DNS servers in the Palo are our internal DNS and our external DNS manager, so:

    Address Group DNS Servers:
    DNS1: our-primary-dns-IP
    DNS2: our-primary-dns-IP

    Address Group Vida Hosts
    DNS3: ns1.vhdns.net
    DNS4: ns2.vhdns.net

    We have a security policy in place called outbound DNS, with the following config:
    Source Tab=Source Zone - L3inside: Destination Address - DNS Servers (address group)
    User Tab= Source User - any: HIP Profile - any
    Destination Tab= Destination Zone- L3 Outside: Destination Address - Vida Hosts (address group)
    Application Tab= Applications - DNS
    Service URL Category = Defaults (Empty)
    Actions Tab = Action setting - Default for our establishment with Antivirus, Vulnerabilities, and Spyware. No URL filtering, File Blocking or Data Filtering.

    The default gateway of the webserver is our core switch. The core switch has a 0.0.0.0/0 static route to our SWGFL router at the moment as we are not ready to transition everyone yet. The webserver is set to use our internal DNS servers.
