Internet Related/Filtering/Firewall Thread, Random problem in Technical
13th June 2013, 01:58 PM #1
Ok, bear with me, this one is a bit complicated.
We currently run a SWGFL connection, through 2 ISA servers. We host around a dozen services internally. Some are dealt with via external IPs on the SWGFL router and our external DNS manager, vidahosts; some are dealt with using a single IP and our internal DNS to shoot the requests around.
We are moving away from SWGFL and going with City fibre using a Palo Alto PA3020. We have a live connection and the Palo is working, but most users are not working from it as we have not changed the 0.0.0.0/0 route in our L3 core. A few users (i.e. IT) have changed the default gateway to be the Palo. Most things are working fine, but we have an oddity we can't get to the bottom of.
If you are on the SWGFL connection, our internally hosted website oak.leaf.bournemouth.sch.uk works. If you are on an external connection - like a mobile - it works. If you are on the Palo/City fibre connection, that website doesn't work - it comes back with a DNS error. If you look at the Palo monitoring, it shows the request as incomplete, which it is, as the IP that is being passed to the Palo is 184.108.40.206; it should be 220.127.116.11
Predictably, Gamma, our Palo supplier, are blaming our internal DNS or SWGFL. SWGFL are blaming the Palo and I'm stuck in the middle with a website that we own and can't access!
Anyone got any idea where it's going wrong?
13th June 2013, 06:51 PM #2
What do you have set as your DNS server when you go out of the Palo?
Does whatever it is also have its default gateway set to be the Palo, and does it also have upstream DNS servers it uses?
14th June 2013, 10:04 AM #3
DNS servers in the Palo are our internal DNS, and our external DNS manager, so:
Address Group DNS Servers:
Address Group Vida Hosts
We have a security policy in place called outbound DNS, with the following config:
Source Tab=Source Zone - L3inside: Destination Address - DNS Servers (address group)
User Tab= Source User - any: HIP Profile - any
Destination Tab= Destination Zone- L3 Outside: Destination Address - Vida Hosts (address group)
Application Tab= Applications - DNS
Service URL Category = Defaults (Empty)
Actions Tab = Action setting - Default for our establishment with Antivirus, Vulnerabilities, and Spyware. No URL filtering, File Blocking or Data Filtering.
The default gateway of the webserver is our core switch. The core switch has a 0.0.0.0/0 static route to our SWGFL router at the moment as we are not ready to transition everyone yet. The webserver is set to use our internal DNS servers.