Former Member
Message 1 of 3

Slow DNS resolution after installing Firewall Enterprise


Hi all,

I'm finding DNS resolution is slow after installing FE appliance. Some sites I browse to time out with a DNS resolution error, but a refresh of the page normally loads the page.

I'm using the appliance in standard mode with transparent DNS. I've listed our domain's DNS servers in the internal zone and the internet router address in the external zone.

Within auditing, I'm finding a series of entries of the type "attack" and application "<DNS>". I've attached the detailed view of the entry.

The source IP is one of our internal DNS servers, and the destination IP is the internal port on the firewall. I've disabled the "Deny All" rule in Access Control Rules, so unsure why it shows that the "Deny All" rule is blocking this request.

Does anyone have a solution for the slow DNS resolution issue or for the blocked requests I've attached?

Cheers,

Simon

1 Solution

Accepted Solutions
vkleineh
McAfee Employee
Message 2 of 3

Re: Slow DNS resolution after installing Firewall Enterprise


Hi,

Why is your internal DNS server sending the packets to the internal firewall IP? Looks like there is no rule active that allows this traffic so it hits "deny all".  Not sure why it is still working when you disabled it, but please do not disable the "deny all" rule.

Did you check on the internal and external interfaces, using tcpdump, whether the delay is caused by the firewall?

Here are some links to the service portal that may help:

McAfee KnowledgeBase - Firewall Enterprise: Which proxy rule am I hitting?

McAfee KnowledgeBase - Firewall Enterprise: Why am I not hitting a particular proxy rule?

McAfee KnowledgeBase - Firewall Enterprise: How to troubleshoot slow throughput

- Volker
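
The capture comparison suggested in the reply above can be scripted. This is an added example, not part of the original thread or of any McAfee tooling: it assumes text output from `tcpdump -tt -n` on UDP port 53 taken on each interface, that each name is queried once per capture, and all addresses and capture lines are constructed samples.

```python
import re

# tcpdump -tt -n text lines, e.g.
# 1700000000.000000 IP 10.0.0.5.53124 > 192.0.2.53.53: 4242+ A? example.com. (29)
QUERY = re.compile(r"^(\d+\.\d+) IP \S+ > \S+\.53: (\d+)\S* (?:\[\S+\] )?(\w+)\? (\S+) ")
REPLY = re.compile(r"^(\d+\.\d+) IP \S+\.53 > \S+: (\d+)\S* ")

def rtts(capture):
    """Map (qname, qtype) -> RTT in ms (None if unanswered) for one interface."""
    pending, seen = {}, {}
    for line in capture.strip().splitlines():
        q, r = QUERY.match(line), REPLY.match(line)
        if q:
            ts, qid, qtype, qname = q.groups()
            pending[qid] = (float(ts), (qname, qtype))
            seen.setdefault((qname, qtype), None)
        elif r and r.group(2) in pending:
            sent, key = pending.pop(r.group(2))
            if seen[key] is None:          # keep the first answered attempt
                seen[key] = round((float(r.group(1)) - sent) * 1000)
    return seen

def firewall_delay(internal, external):
    """Per query: ms spent inside the firewall, or why that cannot be computed."""
    inside, outside = rtts(internal), rtts(external)
    report = {}
    for key, in_ms in inside.items():
        if key not in outside:
            report[key] = "not forwarded"   # arrived inside, never left outside
        elif in_ms is None or outside[key] is None:
            report[key] = "unanswered"
        else:
            report[key] = in_ms - outside[key]
    return report

# Constructed sample captures (documentation addresses), not from the thread.
# 10.0.0.1 stands in for the firewall's internal address (assumption).
INTERNAL = """
1700000000.000000 IP 10.0.0.5.53124 > 192.0.2.53.53: 4242+ A? example.com. (29)
1700000000.250000 IP 192.0.2.53.53 > 10.0.0.5.53124: 4242 1/0/0 A 203.0.113.10 (45)
1700000001.000000 IP 10.0.0.5.53125 > 10.0.0.1.53: 4243+ A? example.org. (29)
1700000002.000000 IP 10.0.0.5.53126 > 192.0.2.53.53: 4244+ A? example.net. (29)
1700000002.025000 IP 192.0.2.53.53 > 10.0.0.5.53126: 4244 1/0/0 A 203.0.113.11 (45)
"""
EXTERNAL = """
1700000000.010000 IP 198.51.100.2.53124 > 192.0.2.53.53: 4242+ A? example.com. (29)
1700000000.030000 IP 192.0.2.53.53 > 198.51.100.2.53124: 4242 1/0/0 A 203.0.113.10 (45)
1700000002.002000 IP 198.51.100.2.53126 > 192.0.2.53.53: 4244+ A? example.net. (29)
1700000002.022000 IP 192.0.2.53.53 > 198.51.100.2.53126: 4244 1/0/0 A 203.0.113.11 (45)
"""

if __name__ == "__main__":
    for (name, qtype), result in firewall_delay(INTERNAL, EXTERNAL).items():
        print(f"{qtype:5} {name:20} {result}")
```

A "not forwarded" result means the query reached the internal interface but never appeared on the external one, which is what a query addressed to the firewall's own IP and dropped by a rule looks like in the captures.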


2 Replies

Former Member
Message 3 of 3

Re: Slow DNS resolution after installing Firewall Enterprise


Hi Volker,

Thanks for your reply. My mistake, I didn't reconfigure the forwarders on my DNS servers, so they were still pointing to the old gateway address, which is now the firewall's address.

That seemed to fix the DNS resolution slowness.

Regards,

Simon
