Sophos UTM: Domain blocked in Webfilter but UTM still looks up DNS?

Discussion in 'other firewalls' started by apraketam, Jan 18, 2018.

  1. apraketam

    apraketam Registered Member

    Joined:
    Jan 4, 2018
    Posts:
    3
    Location:
    earth
    Hi! After adding my pi-hole as DNS-Server in Sophos UTM, I noticed that some domains which are blocked in the webfilter and show up as actually having been blocked in the firewall logs still trigger a DNS request which shows up in the pi-hole logs.

    Is this behaviour OK, or is something wrong with it?

    Thanks a lot in advance!
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,503
    I just started thinking about building my own UTM with Sophos UTM Home as the Operating System.

    I know that this would be overkill, but is there any future proof advantage of having a UTM connections with 2 X 10GB Ethernet rather then 2 X 1GB Ethernet?

    Do CAT5/CAT6 Patch cables work OK with 10GB Ethernet?
     
  3. Erastus Seymour Pott

    Erastus Seymour Pott Registered Member

    Joined:
    Jan 17, 2017
    Posts:
    10
    Location:
    UK
    I would say the behaviour is ok. In order to go to a website, you have to resolve the FQDN which requires DNS Lookup.

    A webfilter does not block the action of resolving a DNS name, that is the job of the sinkhole. The web filter blocker http/https access to websites based on the policy.

    If the client is configured to use pi-hole as the DNS and the site is not blacklisted by Pi-Hole but is blocked by Web filter policy then access to the site should be blocked by the UTM.

    If the client is configured to use pi-hole as the DNS and the site is blacklisted by Pi-Hole and is blocked by Web filter policy then access to the site should be blocked by Pi-Hole.

    If the client is configured to use pi-hole as the DNS and the site is blacklisted by Pi-Hole and is not blocked by Web filter policy then access to the site should be blocked by Pi-Hole.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.