DNS snooping for FQDN-based firewall rules

SimonT
Here to help

Could anyone explain the correct setup so that Meraki can do DNS snooping for FQDN-based firewall rules with the following environment?

Windows network with Windows DHCP and DNS Servers.
Windows endpoints with Secure Client and Umbrella

Endpoints DNS points to Umbrella virtual appliances with local DNS pointing back to Windows DNS servers.
Active Directory integrated with Umbrella.
MX84 Firewall

MX84 does not see DNS requests from endpoints so FQDN-based firewall rules fail. How should this be set up? Must keep Windows DHCP servers and local DNS going for Active Directory.

RaphaelL
Kind of a big deal

Hi,

DNS requests must be seen by the MX. So they can't be encrypted and can't be intra-VLAN DNS requests.

DNS requests over Auto-VPN/NMVPN are fine.

DNS requests over the Internet are fine.

DNS requests inter-VLAN are fine.
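
The conditions in the reply above, written as a path check over client/resolver pairs. This is an added example, not part of the original thread and not Meraki code. It assumes the MX is the layer-3 gateway for every VLAN listed; the subnets, addresses and transport labels are constructed for illustration.

```python
import ipaddress

# Constructed sample: VLAN subnets the MX routes for (assumption: MX is the gateway).
MX_VLANS = {
    "clients": ipaddress.ip_network("10.0.10.0/24"),
    "servers": ipaddress.ip_network("10.0.20.0/24"),
}
# Labels are this example's own; anything not listed here is treated as encrypted.
CLEARTEXT = {"udp/53", "tcp/53"}


def vlan_of(ip):
    """Return the name of the MX VLAN that contains ip, or None if it is not local."""
    addr = ipaddress.ip_address(ip)
    for name, net in MX_VLANS.items():
        if addr in net:
            return name
    return None


def mx_can_snoop(client_ip, resolver_ip, transport):
    """Apply the reply's rules and return (visible_to_mx, reason)."""
    src = vlan_of(client_ip)
    if src is None:
        raise ValueError(f"{client_ip} is not in any VLAN behind the MX")
    if transport not in CLEARTEXT:
        return False, "encrypted DNS: the MX cannot read the query or the answer"
    dst = vlan_of(resolver_ip)
    if dst == src:
        return False, f"intra-VLAN ({src}): switched locally, never routed by the MX"
    if dst is None:
        return True, "resolver is off-site: routed by the MX (Internet or VPN)"
    return True, f"inter-VLAN ({src} -> {dst}): routed by the MX"


# Constructed flows: (client, resolver the client is configured to use, transport).
FLOWS = [
    ("10.0.10.50", "10.0.10.5", "udp/53"),   # resolver in the client's own VLAN
    ("10.0.10.50", "10.0.20.5", "udp/53"),   # resolver in another VLAN
    ("10.0.10.50", "192.0.2.53", "udp/53"),  # external resolver, cleartext
    ("10.0.10.50", "192.0.2.53", "doh"),     # external resolver, encrypted
]


def audit(flows):
    """Return one (client, resolver, transport, visible, reason) row per flow."""
    return [(c, r, t) + mx_can_snoop(c, r, t) for c, r, t in flows]


if __name__ == "__main__":
    for c, r, t, visible, reason in audit(FLOWS):
        print(f"{c} -> {r} [{t}]: {'OK' if visible else 'NOT SEEN'} ({reason})")
```
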
