DNS query to problematic web site


L0 Member

The PA itself generated the DNS query for the domain from the management interface.

Why would it perform this action? DNS proxy is not enabled.

Please kindly advise.

Log:
This host was detected performing a DNS lookup for the domain en[dot]wt1[dot]pw. Although no traffic was detected with the IP behind this domain, this domain is used to buy and sell credit card numbers, bank accounts, and other similar content.


L5 Sessionator

Hi,

If I understood your question correctly:

You will see DNS traffic come from the management interface when the firewall needs to refresh FQDN objects. There is also a correlating log for this that is shown as "dnsproxy" even if DNS proxy is not configured.

Hope this answers your question.

Thanks,

Luke.

Hi,

The PA tries to do a DNS lookup for the domain en[dot]wt1[dot]pw, but I do not see this domain en[dot]wt1[dot]pw in the FQDN objects.

Is it possible that the PA would also check some problematic domain that is not in FQDN?

Thanks

Sam
