
[Archive] [ScreenOS] DNS traffic can pass through without authentication



Article ID: KB5985 KB Last Updated: 05 Oct 2019 Version: 5.0

DNS traffic can pass through without authentication


Here is the problem or goal:

  • DNS traffic can pass through without authentication
  • DNS traffic doesn't need authentication
  • Domain name resolved without authentication

Problem Environment:

  • Only one outgoing permit policy exists, for any service. Authentication is enabled in that outgoing policy.

The ScreenOS firewall architecture is designed to pass DNS traffic without authentication.


Assume: outgoing traffic goes to the Internet (the ISP DNS server is on the Internet as well).

When the trust PC browses, it first resolves the IP address through a DNS request before it sends the HTTP request through the NetScreen. The DNS request is passed without authentication, and the NetScreen prompts the PC for authentication in the browser only after the NetScreen receives the HTTP request packet.

Modification History:
2019-10-05: Archived article.