Marco Valenti

Threat Prevention DNS trap and resource categorization

Discussion created by Marco Valenti on Aug 14, 2018
Latest reply on Aug 14, 2018 by Marco Valenti

Hey Checkmates

I would like to share something with you about the DNS trap feature available on the Threat Prevention software blade.

We actually configure this feature on every profile we create, but looking at the log there is something that at the moment I don't understand.

According to the following SK, no matter what you select in the engine settings for Threat Prevention, some kinds of traffic will go in background due to traffic latency.

Resource Categorization for Anti-Bot / Anti-Virus DNS Settings optimization 

My doubt is this: regarding the following log, should DNS trap avoid this kind of connection by redirecting the DNS name to the bogus IP?

At the moment we do not have a log entry for the bogus DNS trap IP related to this traffic.

Is the only way to avoid such a connection to modify the following file on the security gateway?

$FWDIR/conf/malware_config

Thanks in advance