I would like to share something with you about the DNS trap feature available on the Threat Prevention software blade.
We actually configure this feature on every profile we create, but looking at the log, there is something that I don't understand at the moment.
According to the following sk, no matter what you select in the engine settings for Threat Prevention, some kind of traffic will go in the background due to traffic latency.
My doubt is this: regarding the following log, should DNS trap avoid this kind of connection by redirecting the DNS name to the bogus IP?
At the moment, we do not have a log entry for the bogus DNS trap IP related to this traffic.
Is the only way to avoid such a connection to modify the following file on the security gateway?
Thanks in advance