- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-10-2020 12:49 AM - edited 06-10-2020 12:50 AM
Hi Community,
I can see my firewall is sending DNS requests ( request for A record) to resolve some of internal hostnames.
This looks like firewall is trying to resolve in real time. I understands that firewall will be using DNS for reporting, management services (such as email, Kerberos, SNMP, syslog) as per document. But not sure because of which of this reason firewall is trying to resolve these internal hostnames. It would be helpful if anybody can answer this.
Thanks in advance !
06-10-2020 07:28 AM
Do you have WMI probing enabled within User Identification?
06-10-2020 07:37 AM - edited 06-10-2020 07:38 AM
Hi @BPry ,
Thanks for your input.
I thought of this possibility as WMI probing is enabled, but as the user IP mapping entries will be IP address, i don't see a need for PA to do a DNS query for device hostnames other than the hostname of AD servers.
I am wondering if there is any two way of verification to find the hostname of an IP, then a DNS query for A record for verifying it.
Thanks in advance.
06-30-2020 11:01 PM
Hi All,
Anybody have any though on this.. i can see the DNS query for only couple of servers (it should not be for WMI i feel as i can see it only for very less endpoints directly connected to firewall). I am even confused how firewall got this hostname in first place.
Thanks in advance.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!