
Verify that DNS tunneling is being prevented in R80.10

How do I verify that DNS Tunneling is being blocked in R80.10? I have found a lot of good info if I was running R77.30, but it doesn't convert very well to R80.10.

6 Replies
Admin

Re: Verify that DNS tunneling is being prevented in R80.10

The DNS Tunneling protection was introduced in R77.30 and, to the best of my knowledge, it should work the same in R80.x.
You need to make sure it is enabled in the relevant IPS profile.
It is NOT enabled by default in any of the default IPS profiles. 

Screen Shot 2019-12-06 at 4.15.13 PM.png


Re: Verify that DNS tunneling is being prevented in R80.10

Thanks for the quick reply and screen shots.  After looking I do not even see DNS Tunneling as an option when I search under the IPS Protections. Is this something that is easy to correct or should I open a ticket with support?

 

Thanks
Matt

Admin

Re: Verify that DNS tunneling is being prevented in R80.10

Have you updated the IPS signatures at all?
It's a fairly old signature so if you've done it even once, it should be there.

Re: Verify that DNS tunneling is being prevented in R80.10

Yes, the last update was on 12/8/2019, Version 635198194.

Admin

Re: Verify that DNS tunneling is being prevented in R80.10

I checked both in Demo Mode for R80.10 and R80.30 as well as my R80.30 Management server; it's definitely there.
Sounds like a TAC case is in order.

Re: Verify that DNS tunneling is being prevented in R80.10

Found it!! I believe that since we had it "Inactive" it would not show up in my search under IPS. So once I went to IPS (1) > Protections (2) > IPS (3), then I could search (4) and find it.

Thanks for the help.

 

DNS_Tunneling.JPG