EFW Support

Support => General Support => Topic started by: gavins38 on Tuesday 02 February 2016, 01:42:20 am



Title: DNS Forward blocked
Post by: gavins38 on Tuesday 02 February 2016, 01:42:20 am
While investigating a separate issue on our internet connection, I discovered that DNS Forward was not working on our DNS servers. It works perfectly fine if I set the servers up to bypass the firewall so I figured it must have been a configuration issue on the firewall. We're running Endian Community Firewall 3.0. I've tried adding in an 'incoming routed traffic' rule for port 53 but this doesn't seem to solve the problem. Does anyone know where I need to add in the port exception so that my local DNS servers can query the internet for external DNS?


Title: Re: DNS Forward blocked
Post by: Gabriel GHEORGHIU on Tuesday 02 February 2016, 04:48:14 am
Do you have a rule in "Outgoing traffic", like this: Source: GREEN (ORANGE, BLUE); Destination: RED; Service: DNS; Protocol: TCP+UDP; Port: 53; Policy: ALLOW with IPS?


Title: Re: DNS Forward blocked
Post by: gavins38 on Wednesday 03 February 2016, 12:42:02 am
The outgoing firewall is currently not enabled. I assume this means that all traffic is allowed?

When I ran a traceroute on one of the IPs being used as a DNS forwarder, the ping reached the end server but did not make the return journey back to me. This is why I thought it was a firewall issue.


Title: Re: DNS Forward blocked
Post by: Gabriel GHEORGHIU on Wednesday 03 February 2016, 03:30:00 am
Usually, all traffic (inbound and outbound) is blocked (disabled) by default.
You must enable "Outgoing traffic" to reach the internet. Then, you must define rules according to your needs.
There are some rules that are enabled by default by the system. One of these rules is from Firewall -> Outgoing traffic -> Show system rules: Allow Ping/Traceroute (ICMP/8, ICMP/30).
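
The rule described above allows TCP and UDP to port 53 on RED. The check below is an added example, not code from the Endian project or from either poster, that tells a DNS-forwarding failure caused by a blocked or half-blocked port 53 apart from a forwarder that is simply down: it builds a raw DNS query, sends it to the upstream forwarder over UDP and then over TCP, parses the reply, and reports which of the two transports answered. The resolver address and query name are assumptions supplied on the command line (the defaults are documentation addresses, not values from the thread), and the sample reply used by the parser is constructed inline.

```python
"""Probe an upstream DNS forwarder on UDP/53 and TCP/53 and classify the result.

Added example; assumes the forwarder IP and test name are given by the caller.
"""
import random
import socket
import struct
import sys


def build_query(name: str, qid: int, qtype: int = 1) -> bytes:
    """Return a minimal DNS query (RD=1) for `name`; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(data: bytes, offset: int):
    """Decode a possibly compressed domain name; return (name, next_offset)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(data: bytes) -> dict:
    """Parse the header, skip the question section and collect A-record answers."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qdcount):
        _, offset = _read_name(data, offset)
        offset += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        _, offset = _read_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return {"id": qid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "answers": answers}


# Constructed sample reply: example.test -> 192.0.2.10, answer name compressed.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                   + b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + bytes([192, 0, 2, 10]))


def probe(resolver: str, name: str, proto: str = "udp", timeout: float = 3.0) -> dict:
    """Send one query to resolver:53 over UDP or TCP; a timeout is a result, not an error."""
    qid = random.randrange(0, 0x10000)
    query = build_query(name, qid)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (resolver, 53))
                data, _ = s.recvfrom(4096)
        else:  # TCP carries a two-byte length prefix in front of the message
            with socket.create_connection((resolver, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)
                (length,) = struct.unpack("!H", s.recv(2))
                data = b""
                while len(data) < length:
                    chunk = s.recv(length - len(data))
                    if not chunk:
                        break
                    data += chunk
    except OSError as exc:  # socket.timeout is an OSError subclass
        return {"reachable": False, "error": str(exc) or type(exc).__name__}
    result = parse_response(data)
    result["reachable"] = result["id"] == qid and result["is_response"]
    return result


def classify(udp: dict, tcp: dict) -> str:
    """Turn the two probe results into the diagnosis a firewall admin needs."""
    if udp["reachable"] and tcp["reachable"]:
        return "port 53 answers on UDP and TCP: the forwarding path is fine"
    if udp["reachable"]:
        return "UDP/53 works but TCP/53 does not: truncated answers will fail; allow TCP 53 too"
    if tcp["reachable"]:
        return "TCP/53 works but UDP/53 does not: check the UDP part of the outgoing rule"
    return "no reply on UDP or TCP: outbound 53 blocked, return traffic dropped, or forwarder down"


if __name__ == "__main__":
    resolver = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"  # placeholder
    name = sys.argv[2] if len(sys.argv) > 2 else "example.test"    # placeholder
    udp_result = probe(resolver, name, "udp")
    tcp_result = probe(resolver, name, "tcp")
    print("UDP:", udp_result)
    print("TCP:", tcp_result)
    print(classify(udp_result, tcp_result))
```

Run it from a host on GREEN (`python3 dnsprobe.py <forwarder-ip> <name>`); a "no reply" verdict while the same probe succeeds from a host that bypasses the firewall points at the outgoing rule, whereas "no reply" from both sides points at the upstream server, which is what this thread eventually concluded.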


Title: Re: DNS Forward blocked
Post by: gavins38 on Wednesday 03 February 2016, 09:04:46 pm
Thanks for your help. I enabled the outgoing firewall and my download speed was instantly reduced by 50%. I can't leave it like that without impacting the rest of the company so I've disabled it again. However my original problem now seems to have resolved itself so I'm wondering if BT's DNS servers weren't working yesterday when I checked. I'll keep an eye on it for now and investigate the outgoing firewall options again if the problem comes back.

Thanks again for your help!