Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Leader
Leader

DNS requests from gateway for malicious websites

Dear CheckMates,

sometimes we observed that the gateway does DNS requests to the configured DNS servers for malicious websites.
One of the sites as an example  is "www.homng.net".

Why is the gateway trying to get the IP for malicious websites?
Any of the ThreatPrevention feature which does DNS requests sometimes for known malicious websites ?


thanks

Wolfgang

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

My guess is this is part of SNI verification, which happens even if you’re not doing HTTPS Inspection.
So, relevant for R80.30 JHF and above.

0 Kudos
KostasGR
Contributor

Hello Wolfgang

Maybe are you using Custom Intelligence Feeds (sk132193)?

BR,
Kostas

0 Kudos