This is driving me nuts... and by the looks of things, has been a problem with these firewalls for VERY long time.
I have two of these things... and they both exhibit the SAME behavior. Latest firmware ( v4.3.3-6 ). They seem to REFUSE to pass any DNS querry traffic at all. I can ping out to anything by IP address but NOT by name. Doesn't make a bit of difference who's DNS servers I try to use... doesn't work.
I've done hard resets on them... reconfigured from scratch... one of them I can get going by doing this but if it ever requires a reboot for any reason... I've got to do it all over again. The second one... I cannnot get to pass DNS querry traffic at ALL... no matter WHAT...
What the hell is up with these things??? Did I waste my money here??? Frustrated...
I have tested this on my end and I didn't encounter the issue that you reported. Can you confirm if we have the same pattern of IP and DHCP configuration on the VLAN (default) where your PCs are connected to?
You may also want to check if the PC hostname you are pinging is listed correctly on the LAN Groups page in the FVS318N user interface.
First I should appologize for my frustration... I had been trying to resolve this issue for roughly 4 hours...
After more than 5 restarts of both the cable modem and the firewall, it finally began passing DNS requests from the LAN to the WAN and back again. I had cranked up logging in an effort to determine what was taking place and / or failing. The logs of the firewall were claiming the DNS querry traffic was indeed being passed but since it's UDP (non hand-shaked traffic) the only thing I can think of that must have been happing were the arp tables were still invalid causing the traffice to never reach its destination. This firewall was replacing an antique Sonic wall so naturally the MAC addresses had changed. And yes... the hosts behind the firewall had indeed been listed as shown above, part of the initial configuration I had done right from the start. This unit is my second with the first one having been in use for some time... consequently I do have some experience with these devices. 🙂
Actually yes, there are now. I had not setup any at all until I got the DNS traffic working correctly. Of course the default outgoing rule never shows... and it's my understanding that it shouldn't anyway. Is that correct? (I hope that's correct, because neither of the two FVS318N's that I have show the default outgoing rule)
Yes that's true. I believe there is a drop down button at the top of the LAN/WAN rules page where you can set the default outbound policy to allow or block always. Going back to the main problem you reported, if it persists again, I suggest you contact our support team to create a ticket and checked by one of our Engineers.
Yes SamirD... I have to manually enter everything anyway. I'm on a business class connection so there is no DHCP server. Address, subnet mask, gateway and DNS servers all have to be enterred manually. I had tried the DNS proxy enabled and dissabled but niether way did the trick. I then turned up logging as high as it allowed and I could see that the firewall was claiming DNS requests were traversing correclty but since DNS uses UDP (User Datagram Protocol) which does not do any sort of acknowledge / negative acknowldge of packets (like TCP does)... there was no way to determine where the breakdown was. As it turned out... just repeated reboots of of both the cable modem and firewall finally got it working.
I have two of these devices now. Since I have 5 public IP addresses, the devices each use one of the 5 for different internal networks. Once they're up and running though they seem to be rock solid. But any reboot required (such as a firmware update) and the entire process starts all over again. Reboot the devices until they start working correctly seems to be the norm.
And BrianL: No ... there doesn't appear to be any "dropdown" at all to view the default outgoing rules. I poked around quite a bit out of curiosity, but since they're working correctly right now that's not a problem at all. 😄
I still say though... for the cost of these devices... you just can't beat them.
Ahh, this makes perfect sense. Yes, mine do exactly the same thing upon any type of reboot. It's usually 15-30 minutes before the unit is stable enough to use, but then it will be up for many months without an issue. So, it's 'normal'. As you said, bang for buck they're a good deal even with the quirks like this.
And here's my method to get back online. Reboot the modem and let is stabilize, then unplug the ethernet between the router and the cable modem, reset the router, let it stabilize a bit (test light turns off) and then plug the ethernet back into the cable modem and wait. Still takes a while (15m+), but seems to work quicker than random reboots.
Excellent idea SamirD! I'll try that the next time I need to restart and see how it goes. 😄
I needed a device that I could keep up to date, would fit into the budget... and not require an insanely expensive support contract just to keep firmware up to date against exploits and the like. These little babies fit the bill perfectly... and the lower power consumption is an added bonus.
