Lumu Circumvention and Firewall Rules

Savvy users may try to change their DNS settings to circumvent the environment’s default DNS configuration. Most routers and firewalls let you force all DNS traffic on port 53 through the router, so that everyone on the network must use the DNS settings defined on the router: the Lumu DNS servers or your Virtual Appliances.

Recommendations

The preferred recommendation is to forward any DNS requests going to non-Lumu IPs to the IPs you define. As a result, DNS requests are always transparently forwarded to Lumu, even when someone manually configures a different DNS server.

Alternatively, create a firewall rule that allows DNS (TCP/UDP) only to Lumu servers and blocks DNS traffic to all other IPs.

Remember to first register your public IP address or group of IPs as a gateway for your company at the Lumu Portal before configuring your DNS.

Essentially, add the following filter or rule to the firewall located at the edge of the network. The example below uses the Lumu default IPs:

ALLOW TCP/UDP IN/OUT to 50.17.0.10 or 3.87.85.24 on Port 53
BLOCK TCP/UDP IN/OUT all IP addresses on Port 53

The first rule trumps the second rule; therefore, any requests going to Lumu (or to a Virtual Appliance) will be allowed, and any DNS requests to any other IP will be blocked.

Depending on your firewall configuration interface, you may need to configure a separate rule for each of these protocols or one rule that covers both of them. The rule can be applied on either the firewall or the router, but it is normally best placed on the device located at the network edge. A similar rule may also be applied to software firewalls installed on a workstation, such as the built-in firewall on Windows or macOS.
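
To confirm the ALLOW/BLOCK rule from a workstation inside the network, the following added example (not Lumu's code) sends a DNS query over UDP and TCP to each resolver and reports any Lumu IP that does not answer and any other resolver that does. The 8.8.8.8 and 1.1.1.1 targets and all function names are assumptions of this example; if you use the forwarding recommendation instead, non-Lumu resolvers will appear to answer, so this check applies to the block rule only.

```python
import socket
import struct

LUMU_DNS = ("50.17.0.10", "3.87.85.24")  # Lumu default IPs from the article
OTHER_DNS = ("8.8.8.8", "1.1.1.1")       # assumption: public resolvers to test against

def build_query(name, qid=0x4C55):
    """Minimal DNS query: one question, type A, class IN, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def answers_udp(server, port=53, timeout=2.0):
    """True if a DNS response matching our query ID comes back over UDP."""
    query = build_query("example.com")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout or unreachable: nothing came back
            return False
    return len(data) >= 12 and data[:2] == query[:2] and bool(data[2] & 0x80)

def answers_tcp(server, port=53, timeout=2.0):
    """Same check over TCP, where DNS messages carry a 2-byte length prefix."""
    query = build_query("example.com")
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            data = s.recv(514)
    except OSError:  # refused, dropped, or timed out
        return False
    return len(data) >= 14 and data[2:4] == query[:2] and bool(data[4] & 0x80)

def audit(allowed=LUMU_DNS, blocked=OTHER_DNS, port=53, timeout=2.0):
    """Return (ip, proto, problem) tuples; an empty list means the rule holds."""
    findings = []
    targets = [(ip, True) for ip in allowed] + [(ip, False) for ip in blocked]
    for ip, expect in targets:
        for proto, probe in (("udp", answers_udp), ("tcp", answers_tcp)):
            if probe(ip, port, timeout) != expect:
                findings.append((ip, proto, "no answer" if expect else "not blocked"))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(*finding)
```

Run it from a client behind the edge device after the rule is in place; no output means both Lumu IPs answered and every other resolver was blocked on both protocols.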
