- Products
- Learn
- Local User Groups
- Partners
- More
Quantum Spark Management Unleashed!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
The log is showing that the DNS request crossing the FW originates from your DNS server.
This is usually the case when you have an infected machine in your internal network that is querying a malicious site or URL. The first DNS request is not crossing the FW, it goes from the infected machine to your internal DNS server, and then the DNS server is relaying that request to the Internet.
Unless you place your FW between your DNS server and your internal network segment, you won't be able to find the offender via the FW logs.
However, you might figure out the offender in the DNS server logs, if you have any.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY