Here is an article that has been a long time coming. One of the things I do when a customer wants to set up a firewall is block DNS traffic except for traffic from the internal DNS server. The FortiGate can act as a DNS server for any interface, so you have some flexibility in regards to guest WiFi and/or guest VLANs.

Some customers follow my posts on creating Quarantine IPS Security Profiles and can get themselves into trouble, because the firewall CAN quarantine if the DNS server is triggering those Quarantine IPS Profiles. The biggest drawback is that since the internal devices are querying the DNS servers (usually the Domain Controllers, although not always), the firewall assumes that the domain controller is compromised and CAN quarantine it. Although I prefer BIND over Windows Server for DNS, simply for the security and flexibility, I will mostly cover Windows DNS in this article.

Even if you are not quarantining, you may see that the firewall blocked a DNS query because of a malicious URL, for example. You would want to see which user asked the DNS server for that domain, as chances are that the machine asking the DNS server for the malicious URL is compromised. However, I will include some commands to enable query logs, but there is a performance trade-off (same as Windows). Be careful and monitor the resources on your servers to ensure that you are not DoS'ing yourself.

SCOPE

FortiMonitor is a good solution for you to look at
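Tracing a firewall DNS block back to the client that asked for the domain, as described above, means reading the DNS server's own query log. The parser below is an added example (not code from the original post) that works on constructed lines in the Windows DNS Server debug-log packet format; it assumes "Log packets for debugging" is enabled for incoming queries with the default field layout, and it skips the server's own responses and the replies that come back from forwarders so only real client queries are counted.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Windows DNS Server debug-log packet layout.
# 10.0.0.x are internal clients, 192.0.2.53 is the upstream forwarder.
SAMPLE_DEBUG_LOG = """\
6/1/2023 10:15:22 AM 0A1C PACKET  000000A1B2C3D4E0 UDP Rcv 10.0.0.25       0002   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/1/2023 10:15:23 AM 0A1C PACKET  000000A1B2C3D4E1 UDP Rcv 10.0.0.77       0003   Q [0001   D   NOERROR] A      (8)badstuff(7)example(4)test(0)
6/1/2023 10:15:23 AM 0A1C PACKET  000000A1B2C3D4E2 UDP Rcv 192.0.2.53      a7f1 R Q [8081   DR  NOERROR] A      (8)badstuff(7)example(4)test(0)
6/1/2023 10:15:23 AM 0A1C PACKET  000000A1B2C3D4E3 UDP Snd 10.0.0.77       0003 R Q [8081   DR  NOERROR] A      (8)badstuff(7)example(4)test(0)
6/1/2023 10:16:01 AM 0A1C PACKET  000000A1B2C3D4E4 UDP Rcv 10.0.0.77       0004   Q [0001   D   NOERROR] A      (8)badstuff(7)example(4)test(0)
6/1/2023 10:16:40 AM 0A1C PACKET  000000A1B2C3D4E5 UDP Rcv 10.0.0.31       0005   Q [0001   D   NOERROR] AAAA   (3)cdn(8)badstuff(7)example(4)test(0)
"""

# One packet line: timestamp, thread id, PACKET, packet ptr, proto, direction,
# remote IP, transaction id, optional "R" (response), opcode, [flags], qtype, qname.
PACKET_RE = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M) \S+ PACKET\s+\S+ (?P<proto>UDP|TCP) (?P<dir>Rcv|Snd) "
    r"(?P<ip>\S+)\s+(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R?)\s*(?P<opcode>\S) "
    r"\[(?P<flags>[^\]]*)\]\s+(?P<qtype>\S+)\s+(?P<qname>\S+)\s*$"
)


def decode_qname(wire):
    """Turn the logged '(3)www(7)example(3)com(0)' label form into 'www.example.com'."""
    labels = re.findall(r"\((\d+)\)([^(]*)", wire)
    return ".".join(text for length, text in labels if int(length) > 0).lower()


def clients_that_queried(log_text, blocked_domain):
    """Map client IP -> timestamps of inbound queries for blocked_domain or any name under it."""
    target = blocked_domain.lower().rstrip(".")
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = PACKET_RE.match(line)
        # Keep only queries received from clients: drop our own sent responses (Snd)
        # and responses received from forwarders (Rcv with the R marker).
        if not m or m["dir"] != "Rcv" or m["resp"] == "R" or m["opcode"] != "Q":
            continue
        name = decode_qname(m["qname"])
        if name == target or name.endswith("." + target):
            hits[m["ip"]].append(m["ts"])
    return dict(hits)


if __name__ == "__main__":
    # Domain taken from the firewall's block event; map the IPs to users via DHCP/logon events next.
    for ip, times in clients_that_queried(SAMPLE_DEBUG_LOG, "badstuff.example.test").items():
        print(f"{ip} queried badstuff.example.test {len(times)}x, first at {times[0]}")
```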