Bluejeans udp 5353 traffic being identified as DNS

  • Updated 2 years ago
We have recently moved to application policies on our Palo Alto Networks firewalls. We are using a port group with the UDP and TCP ports that are recommended, but we have gone a step further by analyzing the traffic logs and enabling application identification on the current policy.

Currently we have identified rtcp, bluejeans, stun, rtp-base, h.225, h.245, and fetion-audio-video applications running over the recommended ports. This has seemed to capture all of the traffic except for one. We are now seeing DNS traffic over UDP 5353 to IP addresses that are owned by bluejeans. Does anyone know if the endpoints actually call out to bluejeans for DNS? Also, if they do, can you point this out in the documentation? It might be a false positive, but I just want to ask the question before I start looking at packet captures.

Justin Steinkamp

Posted 2 years ago

Joseph Ng

I am also using a PA firewall but did not see identified DNS traffic on UDP 5353. Which endpoint are you using?
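
For the packet-capture step mentioned in the question, an added example (not part of the original thread and not from any vendor tool): a heuristic Python check of whether a UDP payload is structurally DNS, STUN, or RTP/RTCP, using the RFC 1035, RFC 5389 and RFC 3550 header layouts. The function names, the record-count threshold and the sample payloads are assumptions constructed for illustration.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442  # fixed value in bytes 4-7 of an RFC 5389 STUN header
MAX_COUNT = 64  # assumed sanity limit on DNS section counts, not a protocol limit

def looks_like_dns(p: bytes) -> bool:
    """Heuristic: 12-byte RFC 1035 header with sane counts, then a well-formed first name."""
    if len(p) < 12:
        return False
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", p[:12])
    opcode = (flags >> 11) & 0xF
    if opcode == 3 or opcode > 6 or qd + an + ns + ar == 0 or max(qd, an, ns, ar) > MAX_COUNT:
        return False
    i = 12
    while True:  # walk the labels of the first name in the message
        if i >= len(p) or p[i] > 63:  # ran off the end, or not a plain label length
            return False
        if p[i] == 0:  # root label terminates the name
            i += 1
            break
        i += 1 + p[i]
    # a question is followed by QTYPE+QCLASS (4 bytes), a record by 10 fixed bytes
    return i + (4 if qd else 10) <= len(p)

def classify_udp_payload(p: bytes) -> str:
    """Return 'stun', 'dns', 'rtcp', 'rtp' or 'unknown' from payload structure alone."""
    if len(p) >= 20 and p[0] & 0xC0 == 0 and struct.unpack("!I", p[4:8])[0] == STUN_MAGIC_COOKIE:
        return "stun"
    if looks_like_dns(p):
        return "dns"
    if len(p) >= 8 and p[0] >> 6 == 2:  # RTP/RTCP version field is 2
        if 200 <= p[1] <= 204:          # RTCP packet types SR, RR, SDES, BYE, APP
            return "rtcp"
        return "rtp" if len(p) >= 12 else "unknown"
    return "unknown"

# Constructed sample payloads (not taken from a real capture)
SAMPLES = {
    "dns_query": struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
                 + b"\x07example\x05local\x00" + struct.pack("!2H", 1, 1),
    "stun_binding": struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE) + bytes(12),
    "rtp_audio": struct.pack("!BBHII", 0x80, 96, 1, 160, 0xDEADBEEF) + bytes(20),
    "rtcp_sr": struct.pack("!BBHI", 0x80, 200, 6, 0xDEADBEEF) + bytes(20),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:13s} -> {classify_udp_payload(payload)}")
```

A payload on UDP 5353 that lands in `stun`, `rtp` or `rtcp` here points to a misclassification, while one that lands in `dns` means the first name in the message is worth reading before concluding anything.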