At an ISP customer's site, a log of the customer's users access the Internet through the USG5300. During busy hours, a lot of Operating system users cannot open Web pages.
1. Check the interface traffic during busy hours. The network bandwidth and firewall forwarding performance are normal.
2. Help users rectify operating system problems.
3. When the problem occurs, operating system users can use chatting applications, such as QQ but cannot open Web pages. When the domain name is pinged, the name cannot be resolved. Therefore, the problem is DNS-related.
4. Because users who use other operating system can access the Internet normally, so the problem does not originate from the DNS service provider.
5. Check the firewall configuration. The DNS flood attack defense function is enabled on the firewall. Disable the function. The problem is rectified.
6. According to the analysis of the DNS attack defense principle, when the interface receives over 1000 DNS requests every second when the DNS attack defense is enabled, the firewall starts the defense. Specifically, the firewall requests the peer end to send TCP DNS requests upon receiving UDP DNS packets. Because the operating system does not supports TCP DNS, Operating system users encounters the problem that domains names cannot be resolved normally.
1. The network bandwidth is insufficient. As a result, some users cannot access the Internet.
2. Users' operating system is problematic or their DNS settings are incorrect.
3. The USG5300 forwarding performance is not high enough or the USG5300 has other problems.
When you encounter a firewall problem, find which functional module is relevant to the problem, and then perform thorough analysis.