Hello Check Point Collective,
I'm trying to work out why I am seeing DNS traffic being sent to (3) internal AD servers coming from a dummy host object created for natting the IP address of the wrp interface on a VSX cluster.
Log entry below:
The traffic was getting flagged against Address Spoofing so we have added it to the Anti-spoofing group to remove the Detect from logs. But I would still like to understand why the traffic is being seen on this object.
R80.20SP / Take: 304
VSX running on Maestro.
I think the traffic may be due to the DNS configuration in GAIA pointing to these servers but I am not certain.
Any ideas?
| User | Count |
|---|---|
| 23 | |
| 17 | |
| 11 | |
| 10 | |
| 9 | |
| 8 | |
| 7 | |
| 6 | |
| 5 | |
| 5 |
Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management WorkshopThu 05 Dec 2024 @ 10:00 AM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - EMEATue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsThu 05 Dec 2024 @ 10:00 AM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - EMEAThu 05 Dec 2024 @ 03:00 PM (CET)
Mastering Regulatory Compliance in Banking and Finance (EMEA)Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
