I'm seeing an abundant number of the following error messages in my FWSM syslog:
%FWSM-2-106007: Deny inbound UDP from 192.168.12.39/53 to 192.168.12.52/51660 due to DNS Response
I know this issue has been discussed on many occasions before, but what I can't understand is why the firewall even logs the above listed incident. The two nodes reside on the same subnet, with .52 being an application server and .39 being a DNS slave. We have several other hosts on the same subnet that occasionally experience this problem, but the error is not consistent. It happens every now and again. I had a similar experience where ICMP between two nodes on the same subnet failed, and this was apparently caused by the fact that the firewall replied to an ARP sent by the ICMP source host. I disabled proxy ARP on that interface and the problem disappeared.
I'm now wondering if what I see here is the same situation. We have two sets of firewall modules, one set running 4.0.4 and the other running 3.2.8. The affected one is running 4.0.4; I'm not seeing this problem on the modules running 3.2.8.
I haven't gotten around to doing a trace yet, but hope to do so next time this problem appears. But is it possible that a 'no sysopt proxyarp' will resolve it?
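As an added triage aid (not part of the original post), the script below parses %FWSM-2-106007 lines like the one quoted above, keeps only the "DNS Response" denies, and flags the ones whose source and destination sit on the same directly connected subnet, which is exactly the case the post describes: a reply between two hosts on one segment should normally never reach the firewall at all, so such entries are worth counting separately from denies that cross interfaces. The sample log lines (beyond the first, which is the post's own) and the 192.168.12.0/24 interface subnet are constructed assumptions for the example.

```python
import re
import ipaddress
from collections import Counter

# Pattern for the FWSM message id 106007 as shown in the post.
DENY_RE = re.compile(
    r"%FWSM-2-106007: Deny inbound (?P<proto>\w+) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"due to (?P<reason>.+)$"
)

# Constructed sample log: the first line is the one from the post, the rest are
# made-up entries (another same-subnet pair, a cross-subnet deny, an unrelated message).
SAMPLE_LOG = """\
%FWSM-2-106007: Deny inbound UDP from 192.168.12.39/53 to 192.168.12.52/51660 due to DNS Response
%FWSM-2-106007: Deny inbound UDP from 192.168.12.39/53 to 192.168.12.52/51661 due to DNS Response
%FWSM-2-106007: Deny inbound UDP from 192.168.12.39/53 to 192.168.12.70/40001 due to DNS Response
%FWSM-2-106007: Deny inbound UDP from 10.0.0.5/53 to 192.168.12.52/51662 due to DNS Response
%FWSM-6-302015: Built inbound UDP connection 12345 for inside:192.168.12.52/51663 (192.168.12.52/51663) to outside:10.0.0.5/53 (10.0.0.5/53)
"""

# Assumed directly connected interface subnet(s) of the firewall (constructed;
# the post only implies a /24 from the addresses it shows).
INTERFACE_SUBNETS = [ipaddress.ip_network("192.168.12.0/24")]


def parse_106007(line):
    """Return the fields of a 106007 deny line as a dict, or None for other messages."""
    m = DENY_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["sport"] = int(fields["sport"])
    fields["dport"] = int(fields["dport"])
    return fields


def same_subnet(src, dst, subnets=INTERFACE_SUBNETS):
    """True when both addresses fall inside one of the configured interface subnets."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in net and d in net for net in subnets)


def summarize(log_text):
    """Count DNS Response denies, how many are intra-subnet, and the top src/dst pairs."""
    pairs = Counter()
    total = intra = 0
    for line in log_text.splitlines():
        event = parse_106007(line)
        if event is None or event["reason"] != "DNS Response":
            continue
        total += 1
        pairs[(event["src"], event["dst"])] += 1
        if same_subnet(event["src"], event["dst"]):
            intra += 1
    return {"total": total, "intra_subnet": intra, "pairs": pairs}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"DNS Response denies: {report['total']} (intra-subnet: {report['intra_subnet']})")
    for (src, dst), n in report["pairs"].most_common():
        tag = "same subnet" if same_subnet(src, dst) else "crosses firewall"
        print(f"  {src} -> {dst}: {n}  [{tag}]")
```

Run it against a real syslog export instead of SAMPLE_LOG; a high intra-subnet count concentrated on one DNS server/client pair is the pattern to correlate with a packet trace, since it tells you the firewall is answering for, or receiving, frames that should have stayed on the segment.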