Hi to all,
upgrading our ASG 220 HA to 8.306 didn't seem to be the best idea.
First issue was the high CPU load generated by the new IPS engine
Next trouble that came up has to do with DNS-Hosts.
Some of our firewall rules use internal DNS-Hosts because clients get their IP by DHCP and so can only be defined by their DNS-Name.
This worked fine until now.
After update to the above named version the DNS-Host definitions don't seem to be polled very frequently.
A Notebook, which changed it's IP yesterday is now, nearly 24 hours later, still resolved to it's former IP.
Easy to imagine the result: the rule based on this DNS-Host entry does not work ! :mad:
Strange enough - when I use the tools menu and ping this notebook by name (which I copied and pasted from the DNS-Host)
I get a reply from the new IP.
At this point name-resolution seems to work.
As bad as this is - does anyone have a workaround to trigger update of DNS-Hosts manually ?
Regards
OU
upgrading our ASG 220 HA to 8.306 didn't seem to be the best idea.
First issue was the high CPU load generated by the new IPS engine
Next trouble that came up has to do with DNS-Hosts.
Some of our firewall rules use internal DNS-Hosts because clients get their IP by DHCP and so can only be defined by their DNS-Name.
This worked fine until now.
After update to the above named version the DNS-Host definitions don't seem to be polled very frequently.
A Notebook, which changed it's IP yesterday is now, nearly 24 hours later, still resolved to it's former IP.
Easy to imagine the result: the rule based on this DNS-Host entry does not work ! :mad:
Strange enough - when I use the tools menu and ping this notebook by name (which I copied and pasted from the DNS-Host)
I get a reply from the new IP.
At this point name-resolution seems to work.
As bad as this is - does anyone have a workaround to trigger update of DNS-Hosts manually ?
Regards
OU