Operational Defect Database

BugZero found this defect 608 days ago.

WatchGuard Technologies | kA16S0000007lfcSAA

Reverse proxy does not resolve FQDNs when public and private DNS servers are configured

Last update date:

9/19/2022

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

12.x

12.0.x

12.1.x

12.1

12.1.1

12.1.3

12.10.x

12.2.x

12.3.x

12.4.x

Fixed releases:

v12.9

Description:

Issue

The service used by an Access Portal reverse proxy queries Firebox DNS servers in round-robin order, instead of from first to last. For the Firebox to resolve the reverse proxy internal URL to a private IP address, it must use a private DNS server. If the Firebox configuration includes a mix of public and private DNS servers, the reverse proxy sometimes tries to resolve the internal URL addresses with a public DNS server, which causes the name resolution to fail and the internal page to not load through the reverse proxy.

If DNSWatch enforcement is enabled, the reverse proxy might also try to use DNSWatch servers for name resolution with an internal URL.

Workaround/Solution

Use only private DNS servers in the Firebox network settings, or use private IP addresses for the internal URL and bypass DNS resolution.
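
The following audit sketch is an added example, not WatchGuard or BugZero code. It checks an exported list of DNS servers and reverse proxy internal URLs for the conditions described above. The function names, finding codes and sample values are assumptions, and "private DNS server" is approximated as an address in RFC 1918 or IPv6 ULA space.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: "private DNS server" is approximated as RFC 1918 / IPv6 ULA space.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_private_server(addr):
    """True when addr is an IP literal inside one of PRIVATE_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in PRIVATE_NETS)

def hosts_needing_dns(internal_urls):
    """Hostnames from internal URLs that are names, not IP literals."""
    names = []
    for url in internal_urls:
        host = urlsplit(url).hostname
        if not host:
            continue
        try:
            ipaddress.ip_address(host)   # IP literal: DNS is bypassed
        except ValueError:
            names.append(host)
    return names

def audit(dns_servers, internal_urls, dnswatch_enforced=False):
    """Return finding codes (hypothetical names) for the defect's conditions."""
    if not hosts_needing_dns(internal_urls):
        return []                        # internal URLs use IP addresses only
    private = [s for s in dns_servers if is_private_server(s)]
    public = [s for s in dns_servers if not is_private_server(s)]
    findings = []
    if private and public:
        findings.append("mixed-dns")     # round-robin may pick a public server
    elif not private:
        findings.append("no-private-dns")
    if dnswatch_enforced:
        findings.append("dnswatch")      # DNSWatch servers may also be queried
    return findings

if __name__ == "__main__":
    # Constructed sample configuration, not taken from a real device.
    print(audit(["10.0.1.53", "8.8.8.8"], ["https://wiki.corp.example/"], True))
```

An empty result means the configuration matches one of the two workarounds: only private DNS servers, or internal URLs that use IP addresses.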

Status

Resolved
