>>On the other hand, I detected the Firewall-1 denies the replies packets to
>>the server, I mean, the DNS server can not query other servers outside the
>>network, because the Firewall drops the replies, although the option
>>"Accept UDP Replies" in the global Policies, is activated.

The accept UDP replies applies to response packets for firewall not the DNS server behind the firewall. The rules should be explicitly defined.

Any          Dns_server   domain-udp   Accept
                          domain-tcp

The above rule will enable internet to query your domain's DNS server behind your firewall.

Dns_server   Any          domain-udp   Accept
                          domain-tcp

The above rule will enable your DNS server to query external DNS servers in Internet.

Restrict zone transfers in DNS servers, rather than closing port domain-tcp.

Regards,
U.SivaKumar,
HCL Infosystems Limited.
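
The advice above to restrict zone transfers on the DNS server, rather than at the firewall, can be checked against the server's configuration. The following is an added example, not part of the original post: it assumes the DNS server is BIND (the post does not name the software), audits a constructed named.conf sample for primary zones whose allow-transfer is open or unset, and does not handle views or nested ACL braces.

```python
import re

# Constructed sample; BIND named.conf syntax is an assumption (the post names no DNS software).
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "example.com" { type master; file "example.com.zone";
    allow-transfer { 192.0.2.53; };   // secondary only
};
zone "example.net" { type master; file "example.net.zone"; allow-transfer { any; }; };
zone "example.org" { type master; file "example.org.zone"; };
'''

def strip_comments(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def top_level_blocks(text):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    depth, hdr_start, body_start, header = 0, 0, 0, ''
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                header, body_start = text[hdr_start:i].strip(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ';' and depth == 0:
            hdr_start = i + 1

def transfer_acl(body):
    """Return the allow-transfer elements found in a block, or None if not set."""
    m = re.search(r'allow-transfer\s*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Map each primary zone with an open or unset transfer ACL to a finding."""
    blocks = list(top_level_blocks(strip_comments(conf)))
    global_acl = next((transfer_acl(b) for h, b in blocks if h == 'options'), None)
    findings = {}
    for header, body in blocks:
        acl = transfer_acl(body)
        acl = global_acl if acl is None else acl   # zone setting overrides options
        is_primary = header.startswith('zone') and re.search(r'type\s+(master|primary)\s*;', body)
        if is_primary and (acl is None or 'any' in acl):
            name = header.split('"')[1]
            findings[name] = 'allow-transfer not set' if acl is None else 'allow-transfer permits any host'
    return findings
```

A zone reported as "not set" falls back to the server's built-in default, which should be confirmed for the installed version.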
