Marco Valenti

Threat Prevention DNS trap and resource categorization

Discussion created by Marco Valenti on Aug 14, 2018
Latest reply on Jan 14, 2019 by Valeri Loukine

Hey Checkmates


I would like to share something with you about the DNS trap feature available on the Threat Prevention software blade.

We actually configure this feature on every profile we create, but looking at the log there is something that at the moment I don't understand.

According to the following SK, no matter what you select in the engine settings for Threat Prevention, some kinds of traffic will go in the background due to traffic latency.

Resource Categorization for Anti-Bot / Anti-Virus DNS Settings optimization 

My doubt is this: regarding the following log, should the DNS trap avoid this kind of connection by redirecting the DNS name to the bogus IP?

At the moment we do not have a log entry for the bogus DNS trap IP related to this traffic.

Is the only way to avoid such a connection to modify the following file on the security gateway?



Thanks in advance