Configure DNS Resolution for Firewall Analyzer Reports


    By default, Firewall Analyzer displays the IP addresses of the Source and Destination that participate in the conversation going through the firewall. It can also resolve the IP addresses to DNS names (whichever could be resolved) in the individual reports. To do this, click the Resolve DNS link provided on the report page. In addition, Firewall Analyzer provides an option to configure DNS resolution for all the reports.

    DNS resolution can be configured by following the steps given below:

    1. In the Firewall Analyzer web client, select the Settings tab.
    2. In the Settings screen, select the Admin > System > DNS link. The DNS page appears.
    3. On the top, there are three options provided with radio buttons. Select an option as per your requirement, by clicking the radio button. The options are:
      1. By automatic
      2. On click
      3. No lookup
    4. Select Resolved DNS count in cache as per your requirement from the drop-down list. The list options are 5000, 7500, and 10000. This denotes the number of IP address and DNS name mappings to be cached in the memory of the machine. You can leave the default value unchanged.
    5. Click Save to apply the Resolve DNS Configuration. Click Cancel to cancel the configuration operation.

    Manual DNS Configuration

    If you want to configure DNS name manually, click the link "New". In that screen, there will be two text boxes, "IP Address" to enter the IP Address and "DNS Name:" to enter the DNS Name to which the IP Address should be mapped.

    You can add more mappings using the Add button at the bottom. Click Save to apply the manual IP, DNS mapping. Click Cancel to cancel the configuration operation.

    If you want to delete the manually added entries, click the 'Delete' icon. Click the 'Edit' icon to modify the entries.

    Note:
    • The 'Add' manual configuration will update IP, DNS mappings into Firewall Analyzer memory.
    • Manually added values will overwrite already resolved IP,DNS mappings.
    • On-the-fly report generation is possible if you configure the DNS mapping manually when IP addresses are allocated dynamically using DHCP.

     

    Description of the options

    By automatic

    In this option, Firewall Analyzer will perform a reverse DNS lookup of all IP addresses automatically. This will be carried out for all the reports, and only the DNS names (whichever could be resolved) will be displayed in the reports.

    Use this option, if you want to see only DNS names of the hosts in all your reports.

    On click

    In this option, Firewall Analyzer will not perform a reverse DNS lookup of IP addresses automatically. It will display the IP addresses of the Source and Destination that participate in the conversation going through the firewall. If you want DNS names to be displayed for the hosts in a particular report, use the Resolve DNS link in that report.

    In each of the individual reports, a Resolve DNS link is provided at the top. Clicking this link enables DNS resolution for all the IP addresses of the unresolved hosts present in the current report. The status of DNS resolution depends on the default DNS lookup time, within which Firewall Analyzer will try to resolve the IP address.

    This is an existing option. Use this option, if you want to see DNS names of the hosts only in particular reports.

    Note: If DNS resolution is in progress for any other Firewall Analyzer user, then the subsequent user will see the message "Please wait, DNS Resolution in progress for another user" when clicking the Resolve DNS link. Once DNS resolution is complete for the first user, DNS resolution for the subsequent user begins automatically.

    No lookup

    In this option, Firewall Analyzer will display only the IP addresses of the Source and Destination that participate in the conversation going through Firewall.

    If you select this option, the Resolve DNS option will not be available for any of the reports.

    Use this option if you want to see only IP addresses of the hosts in all your reports.

    Note: Firewall Analyzer will resolve to DNS names all the IP addresses that the 'nslookup' command can resolve from the machine where the product is installed.

     

    Import file for DNS Mapping

    You can create the mapping file in two formats: .txt and .csv

    The mapping format for .txt file is <IP address=DNS name> and the mapping format for .csv file is <IP address,DNS name>


    Sample format

    .txt file

    192.168.140.241=dcqa-w10-64-2.csez.zohocorpin.com.
    192.168.140.242=mari-4018.csez.zohocorpin.com.
    192.168.140.243=balaji-7086.csez.zohocorpin.com.
    192.168.140.244=AVX86F932.csez.zohocorpin.com.
    192.168.140.245=AVXA52C65.csez.zohocorpin.com.

    Sample format

    .csv file

    192.168.140.246,opm-test.csez.zohocorpin.com.
    192.168.140.247,jayakumar-0446.csez.zohocorpin.com.
    192.168.140.248,manoj-7159.csez.zohocorpin.com.
    192.168.140.249,jagan-7424.csez.zohocorpin.com.
    192.168.140.250,DESKTOP-0L39CQF.csez.zohocorpin.com.

    You can create the mapping file in any one of the two formats and import it into Firewall Analyzer.
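
    Because manually supplied mappings overwrite already resolved ones, it is worth checking a mapping file before importing it. The following Python sketch is an added example, not part of Firewall Analyzer: it parses both formats described above and reports malformed lines and IP addresses mapped to two different names. The function names, the hostname syntax rule (RFC 1123), the tolerance for surrounding whitespace and the acceptance of IPv6 addresses are assumptions, not documented product behaviour.

```python
import ipaddress
import re

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def valid_hostname(name):
    """True if name is a syntactically valid DNS name (trailing dot allowed)."""
    name = name[:-1] if name.endswith(".") else name
    return 0 < len(name) <= 253 and all(_LABEL.match(p) for p in name.split("."))

def parse_mapping(text, fmt):
    """Parse 'txt' (IP=name) or 'csv' (IP,name) text.

    Returns ({ip: name}, [(line_number, reason), ...]) so bad lines can be fixed.
    """
    sep = {"txt": "=", "csv": ","}[fmt]
    mappings, errors = {}, []
    for num, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue  # ignore blank lines
        ip, found, name = (part.strip() for part in raw.partition(sep))
        if not found:
            errors.append((num, "missing separator %r" % sep))
            continue
        try:
            ip = str(ipaddress.ip_address(ip))  # rejects e.g. 192.168.140.999
        except ValueError:
            errors.append((num, "invalid IP address"))
            continue
        if not valid_hostname(name):
            errors.append((num, "invalid DNS name"))
        elif mappings.get(ip, name).lower() != name.lower():
            # Same IP with a different name: one would overwrite the other.
            errors.append((num, "conflicts with earlier name for " + ip))
        else:
            mappings[ip] = name
    return mappings, errors

# Constructed sample: two lines from the .txt sample above plus four bad lines.
SAMPLE_TXT = """192.168.140.241=dcqa-w10-64-2.csez.zohocorpin.com.
192.168.140.242=mari-4018.csez.zohocorpin.com.
192.168.140.242=other-host.example.test.
192.168.140.999=bad-ip.example.test.
192.168.140.243,wrong-separator.example.test.
192.168.140.244=bad_name!.example.test.
"""
```

    Calling parse_mapping(SAMPLE_TXT, "txt") keeps the first two mappings and returns one error each for lines 3 to 6; import the file only once the error list is empty.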