Machine Trying to connect to malicious domain

Question

IP is trying to make connection to malicious domain .But issue is that that ip by which connection is going is my wan link Interface. 
 It mean all internal machine are getting access to internet by this and lot of my machine in my network not updated and dont have antivirus. 
 May be there is devices that are infected by the malware or be part of botnet. 
 How to stop it 
 do i need to make firewall rule , or should block website (apie.resonsecurity.com) that showing in logs . 
 or need to changes in web filtering 
 plz help

Vishal_R · Answer

Hi, Munish thakur You may enable the ATP to prevent any connection to such bad C&C IP.

Sophos Firewall: Configure Advanced threat protection (ATP)

support.sophos.com/.../KB-000035750

As of now for that domain if you think it is malicious and not required to allow, you may create firewall rule with action drop in towards WAN zone.

Machine Trying to connect to malicious domain

Top Replies