Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 39 replies
  • Subscribers 2 subscribers
  • Views 477531 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Advanced Threat Protection: Google DNS (8.8.8.8) false Positive

solae
Some one else see this in the ATM Log?

10.19.1.3 is a Monitoring Server pinging 8.8.8.8 for Internet Referenc.


This thread was automatically locked due to age.
Parents
  • 0
    The domains it is listing are not the false positives.  However if you have your dns forwarding to a remote dns instead of the utm this is the result.  You need to have your workstations access the utm as their priary dns.  However for those with AD or some other internal dns you also need to setup request routing so that AD(or LDAP) queries get routed to the appropriate internal dns server.  otherwise the utm has no way to discriminate which workstation/client/device is making the request triggering the ATP alerts.
Reply
  • 0
    The domains it is listing are not the false positives.  However if you have your dns forwarding to a remote dns instead of the utm this is the result.  You need to have your workstations access the utm as their priary dns.  However for those with AD or some other internal dns you also need to setup request routing so that AD(or LDAP) queries get routed to the appropriate internal dns server.  otherwise the utm has no way to discriminate which workstation/client/device is making the request triggering the ATP alerts.
Children
No Data