DNS/DHCP Server firewall - BlueCat Integrity - 9.3.0

Address Manager Administration Guide

Locale: English
Product name: BlueCat Integrity
Version: 9.3.0

The following describes how to enable/disable the DNS/DHCP Server firewall.

You should ONLY disable the firewall for testing, debugging, or diagnostic purposes.
Warning: The DNS/DHCP Server firewall is enabled by default. It is used to secure the server against attack. BlueCat strongly advises against disabling the firewall. Disabling the firewall should only be performed for servers in a secure environment and only for short periods of time.

To configure the firewall on a DNS/DHCP Server appliance:

  1. From the configuration drop-down menu, select a configuration.
  2. Select the Servers tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  3. Under Servers, click the name of a BDDS. The Details tab for the server opens.
  4. Click the server name menu and select Service Configuration.
  5. From the Service Type drop-down menu, select Firewall. Address Manager queries the server and returns the current values for the service settings.
  6. Under General Settings, set the following parameter:
    • Enable Firewall Service—select this check box to enable the DNS/DHCP Server firewall; deselect this check box to disable the DNS/DHCP Server firewall.
      Important: The DNS/DHCP Server Firewall is used to secure the server against attack. BlueCat strongly advises against disabling the firewall. Disabling the firewall should only be performed for servers in a secure environment and only for short periods of time.
    • Allow Ping—select this check box to allow ping service on the DNS/DHCP Server firewall; deselect this check box to disable ping service on the DNS/DHCP Server firewall.
      Attention:
      • When enabled, you can ping the DNS/DHCP Server but the DNS/DHCP Server cannot ping other devices. If you try to ping other devices from the DNS/DHCP Server, you will receive the following error:
        ping: sendmsg: Operation not permitted
      • This option is not supported for DNS/DHCP Servers operating in an xHA pair. Applying this option to an xHA pair affects only the current active server. Configure Allow Ping settings on DNS/DHCP Servers individually before pairing. To work with an existing xHA pair, configure Allow Ping on the active server, perform a failover, then configure it again on the new active server.
  7. Click Update.