Certain flow types missing?

Follow

JeeHaa

• October 01, 2022 10:28

I tried a couple of commands on a Win11 client:

• nslookup www.google.com 8.8.8.8
• ping 8.8.8.8
• test-netconnection 8.8.8.8 -port 8443
• test-netconnection 8.8.8.8 -port 443

They all succeed, but I can't find any of them in Flows. I also tried some other dns resolvers with the same result. I do see other UDP traffic logging, for example NTP. And I would at least expect to see the 443/tcp test?

Are certain DNS and ICMP requests not logged?

0

• 

  Firewalla

  • October 01, 2022 17:22

  DNS traffic are treated special, since the system always process them and forces them into the pre-configured servers. So they do not show up as logged

  ICMP requests are not logged, there just too many of them

  0

  Comment actions Permalink
• 

  JeeHaa

  • October 01, 2022 18:00

  Thanks, that's what I suspected. 

  Might be a good idea to mention explicitly how DNS works on FW, because it can get quite confusing with LAN/WAN DNS settings, DNS Booster (in a completely different menu), DOH and also Family Protect and Safe Search.

  This is a great article:
  https://help.firewalla.com/hc/en-us/community/posts/4403172242451-Demystifying-Firewalla-s-DNS-Configurations

  Questions:

  1) Can you confirm that when I use the "DOH Target List" to create a block rule for all devices, it will still allow Firewalla to do DOH queries (I assume so)?

  2) Does FW intercept all dns  queries (udp/53 and tcp/53) to any external dns server and forward it to the Firewalla local resolver or configured DNS DOH, if it is configured?

  3) If I want to allow a specific DOH Host different than the one defined on Firewalla for some clients: is there a way to "override" the built-in list, or do I need to create an Allow rule for that DOH with higher prio than the block? 

   

   

  0

  Comment actions Permalink

Please sign in to leave a comment.