I have installed WW7 for testing purposes before upgrading the current version of WW to the new version. After appropriate configuration and updating the engine, we are receiving the below-mentioned error.
The DNS configured on the web gateway is able to resolve the URLs to their respective IP addresses, and hence it does not seem to be a DNS issue.
Kindly assist so that we may move forward with the testing of the new version.
Well, it looks pretty clear from the block page, but what does an nslookup come back with from the command line?
Also, send the output of:
I just checked, and that is the block page that comes back when DNS fails. Outside of checking the things above, you could run a capture, but please run the above first.
The nslookup from the appliance is resolving the URLs, as seen in the attached screenshot.
The output of cat /etc/resolv.conf is the list of primary, secondary and tertiary DNS servers configured under the Configuration --> DNS tab in the web gateway console.
And it displays the domain of the organisation.
Please let me know what needs to be done to run the capture.
At this point I would recommend opening a support case; open it by providing a capture and a feedback file, both of which can be done from the Troubleshooting tab. Run the capture with the '-s0 -i any' parameters.
I would be curious to see a 'wget www.google.com' from the CLI.
I am having similar issues, but the impact has a slightly different view; the "host not resolvable" error is also one among them.
Please refer to the thread "MWG 7 / Cache / Websites not loading properly" for more details. A case was logged with support and they have reverted back saying that the issues are due to the DNS response delay in our network.
But the fact is that MWG 7 is very sensitive to DNS response and it has shown clearly in my test for the past ONE MONTH.
In the same network I have tried with:
a) A PC with direct internet connection using the same DNS host
b) MWG 6.8.7
c) Existing MS ISA
All seem to work perfectly while MWG fails. When I have issues with web browsing and the "host not resolvable" error, all the hosts can be resolved from the Linux console, but MWG as an application layer has issues resolving those hosts.
Now I am left in a dark room with no fix/resolution from McAfee. We have invested heavily in MWG7 (2 units), Web Reporter Premium, etc., but until today this issue remains unresolved.
If you come across any findings, PLEASE DO LET ME KNOW.
May I know how the MWG is accessing the internet, and what network equipment is along the network path that leads to internet access?
I have resolved the issue by adding a few commands on our network firewall. If you can share the brand of the firewall, I should be able to suggest. Thanks.
In my case we have Cisco ASA & Juniper SSG, of which the issue was with the Juniper; by adding the below commands, the DNS response time has improved tremendously.
BTW, you can use the tool DNSBench (http://www.grc.com/dns/benchmark.htm) to verify how the DNS response is in your network; it is a handy tool to measure the reliability and consistency of DNS response.
You may find similar commands for Check Point, provided this applies to your environment.
1) set flow allow-dns-reply
[Explanation: Allows an incoming DNS reply packet without a matched request.
If allow-dns-reply is disabled and an incoming UDP first-packet has dst-port 53, the device checks the DNS message packet header to verify that the query (QR) bit is 0—which denotes a query message. If the QR bit is 1—which denotes a response message—the device drops the packet, does not create a session, and increments the illegal packet flow counter for the interface. By default, allow-dns-reply is disabled. Enabling allow-dns-reply directs the security device to skip the check]
2) set dns udp-session-normal
[Explanation: Enable the normal handling of DNS UDP packets. Helpful when multiple queries are issued with the same source port so that return queries will be allowed through instead of just the first one]
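The two Juniper settings above are easier to reason about with a model of the checks they control. The following is an added example, not code from any poster in this thread and not Juniper's implementation: a simplified, constructed model of a stateful firewall's handling of UDP/53 flows, showing the QR-bit check on the first packet of a flow (what allow-dns-reply skips) and the one-reply-per-session behaviour (what udp-session-normal relaxes). The packets, addresses, the 60-second UDP session timeout and the "late reply" scenario, which ties the drop to the DNS response delay mentioned earlier in the thread, are assumptions for illustration.

```python
"""Constructed model of a stateful firewall's DNS-reply handling (added example)."""
import struct

DNS_PORT = 53
UDP_SESSION_TIMEOUT = 60.0  # seconds; assumed default, adjust for your device


def build_dns_query(txid, qname, qtype=1):
    """Minimal DNS query: 12-byte header (QR=0, RD=1) plus one A/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def build_dns_response(query):
    """Echo the query with QR=1 and RA=1 set (an answer-less response is enough here)."""
    txid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", txid, flags | 0x8000 | 0x0080) + query[4:]


def parse_dns_header(packet):
    """Decode the fields a firewall looks at; QR=0 is a query, QR=1 a response."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
            "rd": (flags >> 8) & 1, "rcode": flags & 0xF, "qdcount": qd, "ancount": an}


class DnsFlowTable:
    """Session table keyed by (src, sport, dst, dport); simplified, not ScreenOS internals."""

    def __init__(self, allow_dns_reply=False, udp_session_normal=False,
                 timeout=UDP_SESSION_TIMEOUT):
        self.allow_dns_reply = allow_dns_reply
        self.udp_session_normal = udp_session_normal
        self.timeout = timeout
        self.sessions = {}          # key -> expiry time
        self.illegal_packets = 0    # the per-interface counter from the explanation

    def _live(self, key, now):
        expiry = self.sessions.get(key)
        if expiry is None:
            return False
        if expiry <= now:           # session aged out; treat the next packet as a first packet
            del self.sessions[key]
            return False
        return True

    def process(self, now, src, sport, dst, dport, payload):
        """Return 'forward' or 'drop' for one UDP packet."""
        forward_key = (src, sport, dst, dport)
        reverse_key = (dst, dport, src, sport)
        if self._live(reverse_key, now):            # reply matching an open session
            if not self.udp_session_normal:         # strict mode: one reply closes the session
                del self.sessions[reverse_key]
            return "forward"
        if self._live(forward_key, now):            # repeated query on an open session
            return "forward"
        # First packet of a new flow: without allow-dns-reply, a DNS packet with QR=1
        # has no request to match, so it is dropped and no session is created.
        if DNS_PORT in (sport, dport) and not self.allow_dns_reply:
            if parse_dns_header(payload)["qr"] == 1:
                self.illegal_packets += 1
                return "drop"
        self.sessions[forward_key] = now + self.timeout
        return "forward"


CLIENT, SERVER = "10.0.0.10", "10.0.0.53"   # constructed addresses


def late_reply_scenario(allow_dns_reply):
    """A slow resolver answers after the UDP session has expired."""
    fw = DnsFlowTable(allow_dns_reply=allow_dns_reply)
    q = build_dns_query(0x1234, "www.google.com")
    fw.process(0.0, CLIENT, 40000, SERVER, DNS_PORT, q)
    return fw.process(61.0, SERVER, DNS_PORT, CLIENT, 40000, build_dns_response(q))


def same_source_port_scenario(udp_session_normal):
    """Two queries share one source port; does the second reply get through?"""
    fw = DnsFlowTable(udp_session_normal=udp_session_normal)
    q1, q2 = build_dns_query(1, "www.google.com"), build_dns_query(2, "www.mcafee.com")
    fw.process(0.0, CLIENT, 40000, SERVER, DNS_PORT, q1)
    fw.process(0.1, CLIENT, 40000, SERVER, DNS_PORT, q2)
    fw.process(0.2, SERVER, DNS_PORT, CLIENT, 40000, build_dns_response(q1))
    return fw.process(0.3, SERVER, DNS_PORT, CLIENT, 40000, build_dns_response(q2))


if __name__ == "__main__":
    for flag in (False, True):
        print("late reply, allow-dns-reply=%s -> %s" % (flag, late_reply_scenario(flag)))
        print("shared source port, udp-session-normal=%s -> %s"
              % (flag, same_source_port_scenario(flag)))
```

In this model the appliance's own nslookup succeeds because the resolver does answer, but an answer that arrives after the session has aged out, or a second answer on a source port the firewall considers finished, is dropped as an unmatched reply, which is how a slow resolver shows up as "host not resolvable" at the proxy while the OS resolver looks healthy. Confirm the real cause on your own device with a capture on both sides of the firewall before changing these settings, since allow-dns-reply also relaxes a check on unsolicited DNS responses.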