Hello Check Point Collective,
I'm trying to work out why I am seeing DNS traffic being sent to (3) internal AD servers coming from a dummy host object created for natting the IP address of the wrp interface on a VSX cluster.
Log entry below:
![wcbc dns request edit.JPG wcbc dns request edit.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/12450i058EC9CEE1EAE1D3/image-size/large?v=v2&px=999)
The traffic was getting flagged against Address Spoofing so we have added it to the Anti-spoofing group to remove the Detect from logs. But I would still like to understand why the traffic is being seen on this object.
R80.20SP / Take: 304
VSX running on Maestro.
I think the traffic may be due to the DNS configuration in GAIA pointing to these servers but I am not certain.
Any ideas?
PobXL