dns interception
Comments
-
You can play a trick:
Use a NAT rule to redirect all tcp/udp port 53 traffic into the USG.
Note: put this rule as the first rule, on top of the others.
1 -
Thanks for lan31's nice solution.
Hello ewing,
You can follow lan31's way to force all lan1 users to do DNS queries via the USG DNS server.
Charlie
0 -
if necessary, the firewall rule
0 -
The firewall rule needs to allow clients to reach the DNS server port on the USG.
In the general case, the device firewall rule "LAN_to_Device" already covers it.
So you don't need to add another rule.
Of course, if you want to restrict the clients' access permission to the device,
then add a rule to allow access to the DNS ports (tcp/udp port 53) on the USG.
0 -
Sorry, I'm not so educated with IP stuff. Why is the User Defined Mapped IP address in the above example 192.168.1.1? Why not the USG LAN1 IP address, if the purpose was to redirect all the queries from LAN1?
Regards
Kelmi
0 -
You are right.
I forgot to note that the screenshot was based on my USG setting, in which the lan1 IP address is 192.168.1.1.
0