Owner: Emmanuel Technology Consulting
Former Sophos SG(Astaro) advocate/researcher/Silver Partner
PfSense w/Suricata, ntopng,
Other addons to follow
Maybe your clients use the utm as DNS Server. Our clients use an internal windows server for DNS queries. In webadmin and in the atp logs all entries are from the DNS Server and none from the client.
In order for ATP to be fully effective you need to use the UTM as your dns fowarder.