Operational Defect Database
BugZero found this defect 530 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA16S000000BbshSAC
Microsoft Azure logon services unavailable when you use DNSWatch or DNSWatchGO
Last update date:
12/6/2022
Affected products:
DNSWatch
Affected releases:
Any/Unknown
Fixed releases:
All
Description:
Issue
Users of the DNSWatchGO Client or users protected by a Firebox with DNSWatch enabled might see unexpected DNSWatch error pages when they try to authenticate to Microsoft services that use Azure for authentication, such as portal.azure.com. These Azure domains use chains of CNAME records to help direct users to the closest Azure gateway. Some of the CNAMEs in the chain are not categorized in the DNSWatch Content Filtering database. Any content filtering policy that blocks uncategorized domains will be blocked by the default DNSWatch content filtering policy.
Workaround/Solution
WatchGuard is working with our content filtering database vendor to categorize the affected CNAMEs correctly. As a workaround, review all content filtering policies and allow Miscellaneous > Uncategorized. If you prefer to block uncategorized domains with DNSWatch, add exceptions for these domains (including subdomains): fdv2-t-msedge.netfbs1-t-msedge.nettrafficmanager.nett-msedge.net
