[Archive] [ScreenOS] DNS traffic can pass through without authentication

  [KB5985]


Summary:

DNS traffic can pass through without authentication

Symptoms:

Here is the problem or goal:

  • DNS traffic can pass through without authentication
  • DNS traffic doesn't need authentication
  • Domain names are resolved without authentication

Problem Environment:

  • Only 1 outgoing permit policy exists, for any service. Authentication is enabled in the outgoing policy.

Solution:

The ScreenOS firewall architecture is designed to pass DNS traffic without authentication.

Example:

Assume: Outgoing traffic goes to the Internet (the ISP DNS is on the Internet as well).

When the trust PC browses to http://www.juniper.net, it first resolves the IP address through a DNS request before it sends the HTTP request through the NetScreen. The DNS request is passed without authentication, and the NetScreen prompts the PC for authentication in the browser after the NetScreen receives the HTTP request packet.

Modification History:
2019-10-05: Archived article.