Chapter 9: Configuring Proxied Services
158
WatchGuard Firebox System
4
By default, all rules are enabled. You can enable or
disable the rules as you choose to determine which
packet originators are automatically added to the auto-
blocked sites list.
To be able to select or clear several consecutive rules as a group,
select the first rule, press Shift and select the last rule, and then
select one of the rules between the two selections.
To be able to select or clear several non-consecutive rules as a
group, press Ctrl and select each rule you want.
DNS file descriptor limit
The DNS proxy has only 256 file descriptors available for
its use, which limits the number of DNS connections in a
NAT environment. Every UDP request that uses dynamic
NAT uses a file descriptor for the duration of the UDP
timeout. Every TCP session that uses dynamic, static, or 1-
to-1 NAT uses a file descriptor for the duration of the ses-
sion.
The file descriptor limit is rarely a problem, but an occa-
sional site may experience slow name resolution and many
instances of the following log message:
dns-proxy[xx] dns_setup_connect_udp: Unable to cre-
ate UDP socket for port: Invalid argument
Summary of Contents for Firebox X10E
Page 1: ...WatchGuard Firebox System User Guide WatchGuard Firebox System ...
Page 12: ...xii WatchGuard Firebox System ...
Page 44: ...Chapter 2 Service and Support 22 WatchGuard Firebox System ...
Page 61: ...Cabling the Firebox User Guide 39 ...
Page 68: ...Chapter 3 Getting Started 46 WatchGuard Firebox System ...
Page 78: ...Chapter 4 Firebox Basics 56 WatchGuard Firebox System ...
Page 156: ...Chapter 8 Configuring Filtered Services 134 WatchGuard Firebox System ...
Page 182: ...Chapter 9 Configuring Proxied Services 160 WatchGuard Firebox System ...
Page 220: ...Chapter 11 Intrusion Detection and Prevention 198 WatchGuard Firebox System ...
Page 242: ...Chapter 12 Setting Up Logging and Notification 220 WatchGuard Firebox System ...
Page 256: ...Chapter 13 Reviewing and Working with Log Files 234 WatchGuard Firebox System ...
Page 274: ...Chapter 14 Generating Reports of Network Activity 252 WatchGuard Firebox System ...