
GTI File Reputation DNS Error - NS-7100 and NA-9100

What URL do I need to open up on my FW in order to fix this error? I have reviewed Technical Articles ID: KB79640 and am still unclear as to what needs to be added.
1 Reply
ibryan
McAfee Employee

Re: GTI File Reputation DNS Error - NS-7100 and NA-9100

Hello,

You are receiving GTI file reputation notifications. The message notification description is “GTI File Reputation DNS Error Unreachable”.

This message means the sensor cannot get a response from the GTI file reputation website. The way GTI file reputation works is by sending a query to the IP address set on the sensor for GTI server IP. This DNS IP address resolves the query and sends a request to the GTI file reputation website, and then the DNS server waits for the response and sends it to the sensor.

The “GTI server IP” should be an internal DNS server, and from the outputs you have provided, you have set “GTI server IP” to your Primary Nameserver IP.

GTI file reputation:
• The sensor sends an example query like “sfqpit75pjh525siewar2dtgt5.avts.mcafee.com” to the DNS server you have specified (your local DNS server).

• The DNS server then resolves the query to get the GTI server IP addresses “avts.mcafee.com” and then sends the hash value to those IP addresses “sfqpit75pjh525siewar2dtgt5”.

• The GTI server provides the response to the DNS server of 127.x.x.x which is not a local address, but the severity of the hash value of the file (MDR hash value).

• The DNS server then passes the 127.x.x.x response to the sensor and it will translate this response to the severity / sensitivity of the file, so it can process the file through the sensor.

1:
From the sensor CLI, you need to set the GTI server IP.
Perform the command 'show gti config'.
Verify what is set for the 'GTI Server IP' and the 'Nameserver' IP addresses (DNS server).
If the 'GTI Server IP' is not set to your internal DNS server, then perform the command below:
set gtiserver ip dns-ip-address


show gti config
Sample output:
If you have enabled integration with the Private GTI Server IP address:
Primary Nameserver IP : 10.1.1.1
Secondary Nameserver IP : Not Configured
Timeout : 6 secs
GTI Server IP : 10.1.1.1
GTI Certificate : Present
[IP reputation configuration]
GTI proxy is disabled


2:
If you haven't set the DNS server IP on the sensor, then log into the NSM UI and navigate to Devices | Devices | <choose sensor from drop down> | Setup | Name Resolution, add the DNS server IP addresses, and then save.
The update to the sensor will be instant, so performing the command 'show gti config' from the sensor CLI will show it has been set.

3:
Also, make sure your network allows out connections to the GTI server from the sensor management port. In the KB article KB53733 for “Ports used for lookups and updates” you will find the information for McAfee GTI File Reputation query.
https://kc.mcafee.com/agent/index?page=content&id=KB53733

McAfee GTI File Reputation query
Source: Sensor
Destination: avqs.mcafee.com and avts.mcafee.com (via DNS query to defined DNS server)
Port: 53 UDP

GTI File Reputation requires that the sensor can communicate with the internal DNS and then the internal DNS communicates with the GTI server directly via the Internet or indirectly via an internal Proxy server.


I hope this information helps.

Many thanks,
Ian Bryan
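
The lookup path described in this reply can be checked from a host that uses the same internal DNS server as the sensor. The following Python code is an added example, not McAfee code and not part of the original post: it sends the sample query name from the reply over UDP/53 and reports whether the DNS server answered at all and whether the answer falls in 127.0.0.0/8. The function names and the constructed sample reply are assumptions made for illustration.

```python
import ipaddress
import socket
import struct

def build_query(name, txid=0x1234):
    """Standard recursive DNS query for an A record (type 1, class IN)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!2H", 1, 1)

def skip_name(msg, off):
    """Offset just past a name, which may end in a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return (rcode, [IPv4 answers]) from a DNS response."""
    _, flags, qd, an = struct.unpack("!4H", msg[:8])
    off, addrs = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:
            addrs.append(ipaddress.IPv4Address(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0xF, addrs

def sample_reply(name, addr):
    """Constructed reply (not captured traffic): one A record holding addr."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(addr).packed
    return struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + build_query(name)[12:] + rr

def classify(msg):
    """Verdict for a DNS reply: did it carry a 127.x.x.x answer?"""
    rcode, addrs = parse_a_records(msg)
    hit = any(a.is_loopback for a in addrs)  # is_loopback covers 127.0.0.0/8
    return "reputation-answer" if hit else "no-reputation-answer rcode=%d" % rcode

def probe(dns_server, name, timeout=6.0):
    """Ask the DNS server the sensor uses (UDP/53) and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (dns_server, 53))
            return classify(s.recvfrom(4096)[0])
        except OSError:  # timeout or network error: no reply reached us
            return "unreachable"
```

Calling `probe()` with the address that 'show gti config' lists as the GTI Server IP and the sample name from the reply returns "unreachable" when no answer arrives within the timeout, which points at the path between the host and the internal DNS server rather than at the GTI service itself.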
