Firewalla Gold and DNS
New user of Firewalla Gold and finally got around to setting up and have run into an issue. I have a local domain with Windows 2019 servers and desktops on a Cisco switch. The switch is configured with VLANs and I am pointing all traffic out to the Firewalla Gold via a trunk port allowing all VLANs. I set up VLANs on the Firewalla Gold mirroring what I have in the Cisco switch. The problem I am running into is accessing the file shares. Once I turn DNS over HTTPS on, I can get internet access on all my desktop PCs but not file share access to my servers. Turn it off and I have access to file shares but no access to the internet.
Not sure what I am doing wrong here, but if anybody has a solution to this it would be appreciated.
-
Hmm... I have a similar setup. I have the Firewalla Gold set up in Router Mode, and it is also the DHCP server. On my main network (192.168.2.0/24, plugged into port 3 of the Gold) I have the IP range as 192.168.2.100 - 192.168.2.250 and set the Primary DNS Server as my DNS server on my AD domain (192.168.2.2).
I also have 2 different VLANs all coming off of port 3 that also have the DNS set to my domain server. I don't have an issue with that setup and can correctly resolve all names.
I do not have DNS over HTTPS turned on.
-
Thank you for the reply. Unfortunately, I am not having the same luck. It is possible I am inputting something incorrectly on the Firewalla. I have 2 networks set up: 1 goes through a USG router and my test network is going through the Firewalla. The USG resolves just fine, with no issues with internet and AD access to files.
With the Firewalla on a separate domain and network, there are definitely issues when I turn DNS over HTTPS on/off.
Currently I have the Firewalla Gold set with main LAN 1 being 192.168.127.1 static, and I have the port trunked to a Cisco 3750G switch (old but works great) with an IP route for all traffic to go there. I have 2 VLANs, a server VLAN (192.168.15.xxx) and a desktop VLAN (192.168.20.xxx). I did set up VLANs off port 1 (where LAN 1 is) and mirrored the VLANs with the respective VLAN 15 and 20. I also put my 2 servers in for DNS on LAN 1 and the 2 VLANs. DHCP is handled by the servers and DNS queries should also be handled by them, as I have DNS forwarders to OpenDNS and Verizon for resolution.
Not sure what else to try here, as this is a new/clean setup for the Firewalla Gold router and the servers/desktops worked fine on the USG. I even put it back on the USG and had no issues.
Both networks are 100% segregated to ensure it would be a valid test, so I'm not sure what else to do. If you have any ideas please let me know.
-
DNS is listed on the main network. I am going to wipe the Firewalla Gold and start again, as I am not sure what else to do here. The funny part is that it is reproducible. I turn DNS over HTTPS on and no file shares are available on the network, but internet access works just fine. Turn it off and file shares are accessible but there is no internet.
-
I got a response from the Firewalla support team, and according to them the Firewalla Gold in router mode is always a WAN-facing device, which makes it very tricky to get it to route between different networks (still not sure what that means, as I have utilized Cisco routers/firewalls, Linksys routers, and now Unifi, all of which work just fine). So I found it too problematic getting it to work, as my domain is a "*.local" domain, not a public domain. I ended up purchasing a UDM Pro, which has the same throughput, router and firewall capabilities, and I have the Firewalla sitting on a shelf shut off.
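The symptom described in this thread (internet works when DNS over HTTPS is on but the "*.local" shares disappear, and the reverse when it is off) is what you get when every query from a client is sent to a single resolver that only knows one side of the name space: a public resolver has no records for a private Active Directory zone (and RFC 6762 reserves .local for mDNS, so public resolvers will never answer it), while an AD DNS server with no working forwarder cannot answer external names. The added example below, which is not Firewalla's code or the poster's configuration, models four resolution policies offline on a constructed zone "corp.local" with placeholder records, and reports both what each policy can answer and which internal names it leaks to the public resolver. The conditional forwarder is the usual fix: internal zones go to the AD DNS servers, everything else to the upstream (DoH) resolver.

```python
"""Split-horizon DNS policy modelled offline.

Added example (not Firewalla's or the poster's code). Compares four
resolution policies on a constructed AD zone "corp.local" and one public
name: what each policy answers, and which internal names reach the
public resolver.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample records (hypothetical, not from the thread). The
# internal zone uses RFC 1918 space like the poster's server VLAN.
AD_ZONE_RECORDS = {
    "dc1.corp.local": "192.168.15.10",
    "fileserver.corp.local": "192.168.15.20",
}
PUBLIC_RECORDS = {
    "example.com": "93.184.216.34",  # placeholder public answer
}


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


@dataclass
class Resolver:
    """A server holding some records, with an optional upstream forwarder."""
    name: str
    records: Dict[str, str]
    forward_to: Optional["Resolver"] = None
    seen: List[str] = field(default_factory=list)  # every qname this server received

    def resolve(self, qname: str) -> Optional[str]:
        qname = _norm(qname)
        self.seen.append(qname)
        if qname in self.records:
            return self.records[qname]
        if self.forward_to is not None:
            return self.forward_to.resolve(qname)
        return None  # no answer (NXDOMAIN)


def in_zone(qname: str, zone: str) -> bool:
    qname, zone = _norm(qname), _norm(zone)
    return qname == zone or qname.endswith("." + zone)


@dataclass
class ConditionalForwarder:
    """Sends queries inside a listed zone to that zone's server, all others upstream."""
    zones: Dict[str, Resolver]
    default: Resolver

    def resolve(self, qname: str) -> Optional[str]:
        for zone, server in self.zones.items():
            if in_zone(qname, zone):
                return server.resolve(qname)
        return self.default.resolve(qname)


def build_policies():
    """Return {policy name: (resolver the clients use, the public resolver instance)}."""
    policies = {}
    # 1. Gateway sends everything to a public DoH resolver, no exceptions.
    public = Resolver("public-doh", PUBLIC_RECORDS)
    policies["doh_only"] = (public, public)
    # 2. Clients use the AD DNS server, which forwards unknown names upstream.
    public = Resolver("public-doh", PUBLIC_RECORDS)
    policies["ad_with_forwarder"] = (Resolver("ad-dns", AD_ZONE_RECORDS, forward_to=public), public)
    # 3. AD DNS whose forwarder path is broken: internal names only.
    public = Resolver("public-doh", PUBLIC_RECORDS)
    policies["ad_without_forwarder"] = (Resolver("ad-dns", AD_ZONE_RECORDS), public)
    # 4. Split horizon: corp.local -> AD DNS, everything else -> public DoH.
    public = Resolver("public-doh", PUBLIC_RECORDS)
    ad = Resolver("ad-dns", AD_ZONE_RECORDS)
    policies["split_horizon"] = (ConditionalForwarder({"corp.local": ad}, public), public)
    return policies


def evaluate(policy: str, qnames=("fileserver.corp.local", "example.com")):
    """Resolve each name under a policy.

    Returns (answers by qname, internal names the public resolver received).
    """
    client_resolver, public = build_policies()[policy]
    answers = {q: client_resolver.resolve(q) for q in qnames}
    leaked = [q for q in public.seen if in_zone(q, "corp.local")]
    return answers, leaked


if __name__ == "__main__":
    for policy in ("doh_only", "ad_with_forwarder", "ad_without_forwarder", "split_horizon"):
        answers, leaked = evaluate(policy)
        print(f"{policy:22} {answers}  leaked-internal={leaked}")
```

Policies 1 and 3 reproduce the two halves of the symptom in the thread (public names only, or internal names only). Policy 2 is the classic AD layout where clients point only at the domain DNS servers and those servers forward upstream; policy 4 is the equivalent for a gateway that insists on doing DoH itself, and it also keeps internal hostnames from being sent to the public resolver.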
-
@rolando Can you let me know the use case here? I will see if I can escalate this to our developers and get more attention. The Gold in 1.971 moved the NAT feature out from the WAN interface, so it can be controlled with on/off, and the included static routes will be able to help you build a complex network without NAT. 1.972 will have a pretty flexible source NAT control, which will help you send traffic from any of the attached networks through the Firewalla NAT. (advanced network only)