I have been trying to test and go through various ATP configurations and although I can get a "web request blocked, threat detected" to show on the proxy logs when trying to load an infected test site, I have not been able to force a DNS block, which should show in /var/log/aptp.log. In fact I have not seen that log file created on any 9.2 beta UTM, hardware or software.
If I look through /var/pattern/aptp/threatdata and find a couple of domains to test like these...
1bytebetter.com
1keluarga.net
And then go to a Linux server which is using the UTM (192.168.1.1) for DNS, I don't have any trouble running...
dig @192.168.1.1 1bytebetter.com
and getting a response. I was under the impression that any DNS requests to any domains listed in /var/pattern/aptp/threatdata should be blocked and then logged to /var/log/aptp.log?
Am I missing something?
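Added here as an example, not part of the original post: a small POSIX shell harness that runs the same dig check against the UTM's resolver over a whole batch of domains and classifies each answer, so that a run over many entries copied out of /var/pattern/aptp/threatdata shows at a glance which ones still resolve normally, which get NXDOMAIN, REFUSED or SERVFAIL, and which get no reply at all. The file name atp_dns_check.sh, the RESOLVER variable and the result categories are this example's own assumptions; the post does not say what an ATP DNS block looks like on the wire, so the harness only reports how the resolver answered rather than deciding whether a domain was blocked.

```shell
#!/bin/sh
# atp_dns_check.sh (example, not from the original post): query a list of
# domains through one resolver with dig and classify each response.
# Assumptions: dig is installed; the default resolver is the UTM at
# 192.168.1.1 as in the post (override with RESOLVER=...).

RESOLVER="${RESOLVER:-192.168.1.1}"

# classify_dig_output: read a dig response on stdin and print one word:
#   answered  - status NOERROR with at least one record in the ANSWER section
#   empty     - status NOERROR but ANSWER: 0 (name exists, no A record)
#   nxdomain / refused / servfail - the status dig reported
#   timeout   - no ';; ->>HEADER<<-' line at all (no reply from the resolver)
classify_dig_output() {
  out=$(cat)
  status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
  answers=$(printf '%s\n' "$out" | sed -n 's/.*, ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
  case "$status" in
    "")       echo timeout ;;
    NOERROR)  if [ "${answers:-0}" -gt 0 ]; then echo answered; else echo empty; fi ;;
    NXDOMAIN) echo nxdomain ;;
    REFUSED)  echo refused ;;
    SERVFAIL) echo servfail ;;
    *)        echo "other:$status" ;;
  esac
}

# check_domain: run the same query the post shows (dig @RESOLVER domain) for
# one domain, with a short timeout so an unanswered query does not stall the
# loop, and print "domain result".
check_domain() {
  domain="$1"
  result=$(dig +time=2 +tries=1 @"$RESOLVER" "$domain" A 2>/dev/null | classify_dig_output)
  printf '%s %s\n' "$domain" "$result"
}

# check_domains: one domain per line on stdin; blank lines are skipped.
check_domains() {
  while IFS= read -r d; do
    [ -n "$d" ] && check_domain "$d"
  done
}

# Usage: sh atp_dns_check.sh domains.txt
# where domains.txt holds one domain per line, e.g. entries picked out of
# /var/pattern/aptp/threatdata such as 1bytebetter.com and 1keluarga.net.
if [ $# -gt 0 ]; then
  check_domains < "$1"
fi
```

A domain that reports "answered" resolved through the UTM exactly as the post describes; anything else is worth comparing against whatever the proxy or ATP logs show for the same query, since the resolver's status alone does not say which component produced it.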