- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Overlap in Security Validation
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
The log is showing that the DNS request crossing the FW originates from your DNS server.
This is usually the case when you have an infected machine in your internal network that is querying a malicious site or URL. The first DNS request is not crossing the FW, it goes from the infected machine to your internal DNS server, and then the DNS server is relaying that request to the Internet.
Unless you place your FW between your DNS server and your internal network segment, you won't be able to find the offender via the FW logs.
However, you might figure out the offender in the DNS server logs, if you have any.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY