cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jaygr
Level 8
Report Inappropriate Content
Message 1 of 6
‎02-03-2014 01:58 AM

McAfee Sidewinder - No DNS Option

Jump to solution

Hello,

I use McAfee Firewall Enterprise (Sidewinder Firewall) (with Admin Console (8.3.2)) and i have an issue with No DNS option (Network Objects option).

I want to use this option like that (I use transparent DNS) :

NoDNS01.jpg

I have no problem when I type IP address in my browser (so I through the firewall with). But i cannot access to test.fr when I type "test.fr" in my browser.

I monitored the firewall (with Wireshark, nothing in audit viewer) and I saw DNS request for test.fr. I don't understand why because I checked No DNS option.

Can you tell me why ?

Sorry for my English & Thanks for your help,

JayGr

0 Kudos
Reply
1 Solution

Accepted Solutions
jaygr
Level 8
Report Inappropriate Content
Message 6 of 6
‎02-11-2014 12:22 AM

Re: McAfee Sidewinder - No DNS Option

Jump to solution

Technical support :

Based on the topic you created, you'd like typing "example.fr" to map to an IP (192.168.1.1) on clients behind the firewall? If you're running transparent DNS, there's nothing you can configure on the firewall that will do that. The client will always do a DNS lookup for the hostname given, unless you modify its local hosts file.

Hosts objects are used to tell the firewall to do a reverse lookup on addresses it sees connections to, and don't have any impact on what clients see.

If you'd like to continue using transparent DNS, the easiest option would be to contact your local nameserver admin to add an A record for example.fr > 192.168.1.1.

View solution in original post

0 Kudos
Reply
5 Replies
exbrit
MVP
Report Inappropriate Content
Message 2 of 6
‎02-03-2014 03:27 AM

Re: McAfee Sidewinder - No DNS Option

Jump to solution

Moved from Home products to Business > Firewall Enterprise (Sidewinder) for better attention.

.

Message was edited by: Ex_Brit on 03/02/14 6:30:29 EST AM
0 Kudos
Reply
sliedl
Level 14
Report Inappropriate Content
Message 3 of 6
‎02-04-2014 09:17 AM

Re: McAfee Sidewinder - No DNS Option

Jump to solution

When you do a request for 'test.fr' your browser does a lookup for the IP address for 'test.fr' and then does a SYN for that IP address.  If the DNS answer your client gets back (an IP address) is not the same value you have there for this object then it won't match the rule.

Your PC is asking (something) for DNS and getting an answer which is not 192.168.1.1, so you'll need to investigate your DNS resolution in your network.

0 Kudos
Reply
jaygr
Level 8
Report Inappropriate Content
Message 4 of 6
‎02-05-2014 02:47 AM

Re: McAfee Sidewinder - No DNS Option

Jump to solution

Thanks for the explanations.

Please tell me how could I do what I want (without modifying the host file) : I would like to associate "test.fr" with 192.168.1.1 for each "test.fr" request from a client.

Is it possible ?

Thanks,

JayGr

0 Kudos
Reply
jaygr
Level 8
Report Inappropriate Content
Message 5 of 6
‎02-10-2014 12:24 AM

Re: McAfee Sidewinder - No DNS Option

Jump to solution

Hello,

No idea ?

Reminder : I would like to associate "test.fr" with 192.168.1.1 for each "test.fr" request from a client without modifying the host file. And I use transparent DNS.

Thanks,

JayGr

0 Kudos
Reply
jaygr
Level 8
Report Inappropriate Content
Message 6 of 6
‎02-11-2014 12:22 AM

Re: McAfee Sidewinder - No DNS Option

Jump to solution

Technical support :

Based on the topic you created, you'd like typing "example.fr" to map to an IP (192.168.1.1) on clients behind the firewall? If you're running transparent DNS, there's nothing you can configure on the firewall that will do that. The client will always do a DNS lookup for the hostname given, unless you modify its local hosts file.

Hosts objects are used to tell the firewall to do a reverse lookup on addresses it sees connections to, and don't have any impact on what clients see.

If you'd like to continue using transparent DNS, the easiest option would be to contact your local nameserver admin to add an A record for example.fr > 192.168.1.1.

View solution in original post

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC