Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Matt_Reed
Participant

Verify that DNS tunneling is being prevented in R80.10

How do I verify that DNS Tunneling is being blocked in R80.10. I have found allot of good info if I was running R77.30 but it doesn't covert very well to R80.10.

6 Replies
PhoneBoy
Admin
Admin

The DNS Tunneling protection was introduced in R77.30 and, to the best of my knowledge, it should work the same in R80.x.
You need to make sure it is enabled in the relevant IPS profile.
It is NOT enabled by default in any of the default IPS profiles. 

Screen Shot 2019-12-06 at 4.15.13 PM.png

Matt_Reed
Participant

Thanks for the quick reply and screen shots.  After looking I do not even see DNS Tunneling as an option when I search under the IPS Protections. Is this something that is easy to correct or should I open a ticket with support?

 

Thanks
Matt

PhoneBoy
Admin
Admin

Have you updated the IPS signatures at all?
It's a fairly old signature so if you've done it even once, it should be there.
0 Kudos
Matt_Reed
Participant

Yes the last update was on 12/8/2019 Version 635198194.

0 Kudos
PhoneBoy
Admin
Admin

I checked both in Demo Mode for R80.10 and R80.30 as well as my R80.30 Management server, it's definitely there.
Sounds like a TAC case is in order.
0 Kudos
Matt_Reed
Participant

Found it!! I believe that since we had it "Inactive" it would not show up in my search under IPS. So once I Went to IPS (1) > Protections(2) > IPS(3)  then I could find it search(4) find it.

Thanks for the help.

 

DNS_Tunneling.JPG

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events