If the ProxySG is bypassing DNS traffic, and it receives a DNS inquiry from a client unexpectedly, ProxySG sends "ICMP destination (port) unreachable" back to the client, so as to provide better network performance.
On the other hand, if the ProxySG is acting as a DNS client to a DNS server and queries a DNS server for IP address resolution, and the server sends a response such as "server failure," 10 seconds or so after the client's request, the ProxySG would then respond with the "ICMP destination (port) unreachable" packet to the server because the indicated process port is no longer active and could not receive the packet.
Both of these cases occur frequently and are expected behavior on the ProxySG.
Imported Document ID: 000016286
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.