cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
321
Views
0
Helpful
1
Replies

FWSM Critical message

jaravinthan
Level 1
Level 1

Hi,

below is the message i get from FWSM. The IP's always change but what i see is its always any of the Windows DC's located across globe.

2007-10-26 00:42:18 Local4.Critical <FWSM IP> Oct 26 2007 00:42:51: %FWSM-2-106007: Deny inbound UDP from <IP/53> to <IP/dynamic port> due to DNS Response

Any clue on what could cause and why suddenly these message bombard in the logs. We have DNS inspect enabled since scratch. Please advice.

1 Reply 1

palomoj
Level 1
Level 1

it sounds like a valid dns response has already been detected and allowed through the firewall. i would do some testing and see if this is the case. you may need to do a packet capture and verify this.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: