Who rated this post - Check Point CheckMates

Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages

Introduction to Lakera:
Securing the AI Frontier!

Watch Now!

Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall

Learn More

HTTPS Inspection
Help us to understand your needs better

Take the Survey

CheckMates Go:
SharePoint CVEs and More!

Listen Now

Check the firewall logs for connection attempts to 62.0.58.94. This is the default DNS trap IP that the firewall will modfiy the DNS response to. As the logs say: "DNS response was replaced with a DNS trap bogus IP. See sk74060 for more information"

As mentioned, you are only seeing the DNS query flagged at the firewall from the DNS servers, without DNS logging, your best bet is to look for the subsequent connection from the actual client to the DNS trap IP, probably HTTP/HTTPS but could be something else from the client to the DNS trap IP.

Who rated this post

Explorer

Rating date: