https://community.checkpoint.com/t5/General-Topics/DNS-requests-from-gateway-for-malicious-websites/m-p/113721#M21315 <P>My guess is this is part of SNI verification, which happens even if you’re not doing HTTPS Inspection.<BR />So, relevant for R80.30 JHF and above.</P> Tue, 16 Mar 2021 20:06:50 GMT PhoneBoy 2021-03-16T20:06:50Z https://community.checkpoint.com/t5/General-Topics/DNS-requests-from-gateway-for-malicious-websites/m-p/113479#M21281 <P>Dear CheckMates,</P> <P>sometimes we observed that the gateway does DNS requests to the configured DNS servers for malicious websites.<BR />One of the sites as an example&nbsp; is "<A href="http://www.homng.net" target="_blank">www.homng.net</A>".</P> <P>Why is the gateway trying to get the IP for malicious websites?<BR />Any of the ThreatPrevention feature which does DNS requests sometimes for known malicious websites ?</P> <P><BR />thanks</P> <P>Wolfgang</P> Mon, 15 Mar 2021 07:23:51 GMT https://community.checkpoint.com/t5/General-Topics/DNS-requests-from-gateway-for-malicious-websites/m-p/113479#M21281 Wolfgang 2021-03-15T07:23:51Z https://community.checkpoint.com/t5/General-Topics/DNS-requests-from-gateway-for-malicious-websites/m-p/113721#M21315 <P>My guess is this is part of SNI verification, which happens even if you’re not doing HTTPS Inspection.<BR />So, relevant for R80.30 JHF and above.</P> Tue, 16 Mar 2021 20:06:50 GMT https://community.checkpoint.com/t5/General-Topics/DNS-requests-from-gateway-for-malicious-websites/m-p/113721#M21315 PhoneBoy 2021-03-16T20:06:50Z https://community.checkpoint.com/t5/General-Topics/DNS-requests-from-gateway-for-malicious-websites/m-p/113723#M21316 <P>Hello Wolfgang</P><P>Maybe are you using Custom Intelligence Feeds (sk132193)?</P><P>BR,<BR />Kostas</P> Tue, 16 Mar 2021 21:20:11 GMT https://community.checkpoint.com/t5/General-Topics/DNS-requests-from-gateway-for-malicious-websites/m-p/113723#M21316 KostasGR 2021-03-16T21:20:11Z