Alas2708
Level 7

Fully Qualified Domain Name firewall rule and akamai

Hi,

In a restrictive environment, where PCs do not have internet access, I need to authorize access to one specific FQDN (www.something.com) that is hosted on Akamai (meaning the IP address it resolves to can change very often).

I have noticed that in this case, the first time the rule is matched, a name lookup is performed and the traffic is allowed. Once the Akamai IP address has been updated, the traffic is no longer allowed, since a new name lookup is not performed and HIPS caches the old IP.

This basically renders the FQDN functionality in the HIPS FW rules useless, unless there is a way to force it to perform a DNS lookup with every connection to see if the IP has changed.

Any ideas?


Accepted Solutions
McAfee Employee

Re: Fully Qualified Domain Name firewall rule and akamai

Host IPS 7.0 will cache a domain lookup for 30 minutes, until the HIPS services are restarted, or until the next McAfee Agent policy enforcement (the interval depends on your configuration). If the domain lookup resolves to a different IP within these timeouts, it will be blocked (as you found).

There is no way to force HIPS to perform a DNS lookup beyond the above parameters. Possibly you could force a policy enforcement with "cmdagent.exe /e" to see if that works. Submit a Product Enhancement Request, though, if you'd like.

Message was edited by: Kary Tankink on 8/13/10 10:31:17 AM CDT
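The accepted answer leaves the administrator with one lever: a McAfee Agent policy enforcement, which may or may not clear the cached lookup. The script below is an added example, not code from the thread or from McAfee, of how to pull that lever only when it is needed. Run from a scheduled task on the endpoint (for example every minute), it resolves the FQDN used in the firewall rule, compares the A records with the set it saw last time, and when they differ runs "cmdagent.exe /e", the switch the answer suggests. The FQDN, the cmdagent.exe path (a McAfee Agent 4.x install layout) and the state-file location are placeholders to adjust per site, and whether enforcement actually refreshes the cached lookup on a given build is exactly what the answer says to test.

```powershell
# Added example, not code from the thread or from McAfee. Run it from a
# scheduled task (e.g. every minute) on the endpoint: it resolves the FQDN used
# in the Host IPS firewall rule, compares the A records with the last observed
# set, and when they differ runs "cmdagent.exe /e" (the policy-enforcement
# switch suggested in the accepted answer) so Host IPS re-resolves the name.
# Assumptions: the FQDN, the cmdagent.exe path (a McAfee Agent 4.x install
# layout) and the state-file location are placeholders to adjust per site.
param(
    [string]$Fqdn      = 'www.something.com',
    [string]$CmdAgent  = 'C:\Program Files\McAfee\Common Framework\cmdagent.exe',
    [string]$StateFile = "$env:ProgramData\fqdn-watch\$Fqdn.txt"
)

function Get-ResolvedAddresses([string]$Name) {
    # IPv4 only: the firewall rule in the thread matches on the A record.
    # Returns a sorted, de-duplicated list so two answers compare as strings.
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork } |
            ForEach-Object { $_.IPAddressToString }
        return @($addrs | Sort-Object -Unique)
    } catch {
        Write-Warning ("Lookup of {0} failed: {1}" -f $Name, $_.Exception.Message)
        return @()
    }
}

function Invoke-PolicyEnforcement([string]$AgentExe) {
    if (-not (Test-Path -LiteralPath $AgentExe)) {
        throw "cmdagent.exe not found at $AgentExe"
    }
    # /e = enforce policies now; the answer says to test whether this also
    # clears the cached domain lookup on your build.
    $proc = Start-Process -FilePath $AgentExe -ArgumentList '/e' -Wait -PassThru -NoNewWindow
    return ($proc.ExitCode -eq 0)
}

$previous = @()
if (Test-Path -LiteralPath $StateFile) { $previous = @(Get-Content -LiteralPath $StateFile) }

$current = @(Get-ResolvedAddresses -Name $Fqdn)
if ($current.Count -eq 0) {
    # A failed lookup is not evidence of a change; leave the cached rule alone.
    Write-Warning "No A records for $Fqdn; nothing done"
    exit 1
}

if (($current -join ',') -eq ($previous -join ',')) {
    Write-Verbose "$Fqdn still resolves to $($current -join ','); no action"
    exit 0
}

Write-Host ("{0}  {1}: [{2}] -> [{3}]; forcing policy enforcement" -f `
    (Get-Date -Format s), $Fqdn, ($previous -join ','), ($current -join ','))

if (Invoke-PolicyEnforcement -AgentExe $CmdAgent) {
    # Record the new answer only after a successful enforcement so a failed
    # run is retried on the next scheduled execution.
    New-Item -ItemType Directory -Force -Path (Split-Path -Parent $StateFile) | Out-Null
    Set-Content -LiteralPath $StateFile -Value $current
    exit 0
}

Write-Warning "cmdagent.exe /e did not exit cleanly; state not updated"
exit 2
```

Two caveats for anyone deploying this. It narrows the outage window to the polling interval; it does not give the per-connection lookup the question asks for, and traffic to the FQDN is still blocked between the CDN changing its answer and the next run. It also requires that the endpoint can reach a DNS resolver and that the task runs under an account allowed to execute cmdagent.exe; a failed lookup deliberately takes no action, so a DNS outage does not trigger a needless enforcement.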
2 Replies
Alas2708
Level 7

Re: Fully Qualified Domain Name firewall rule and akamai

Hi,

Many thanks for this detailed information. May I ask where you gathered the information regarding this? The things you mention appear nowhere in the user guides, as far as I know.

Thanks again!
