UTM 9 SG115, latest firmware (as of today).
Out-of-the-box default settings. Web filtering enabled.
On our internal domain the DC acts as DNS\DHCP for all the workstations. The DC uses OpenDNS as the DNS forwarders the clients will use.
OpenDNS reports malware DNS queries from my WAN IP.
I would have assumed I could search for "bad.url.phishscam.ld" or whatever was being reported by OpenDNS.
As it stands I have to enable DNS logging on the DNS server and let it run for a day. Then I can search by keyword and find the internal IP of who is making the DNS request.
Is there any way to make this easier on the UTM appliance? Is there a specific DNS log setting that I need to enable to capture this?
It seems to be getting every other DNS query made.
I have 4 sites with the same issue and layout.
Any help?!
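The keyword search described in the post, as an added example that is not part of the original post: a Python sketch that reads a DNS debug log from the DC and counts which internal clients asked for a reported domain or any subdomain of it. It assumes the Windows DNS Server debug-log line layout (`PACKET ... UDP Rcv <client> <xid> [R] Q [...] <type> (3)www(7)example(3)com(0)`); the sample lines, addresses and function names are constructed for illustration, and the domain is the placeholder from the post.

```python
import re
from collections import Counter

# Constructed sample lines; layout assumed to match a Windows DNS Server debug log.
SAMPLE_LOG = """\
6/5/2024 10:00:31 AM 0E70 PACKET  00000000033397A0 UDP Rcv 192.168.10.23   5b47   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/5/2024 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Rcv 192.168.10.57   1c02   Q [0001   D   NOERROR] A      (3)bad(3)url(9)phishscam(2)ld(0)
6/5/2024 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Snd 208.67.222.222  9a11   Q [0001   D   NOERROR] A      (3)bad(3)url(9)phishscam(2)ld(0)
6/5/2024 10:00:33 AM 0E70 PACKET  00000000033397A0 UDP Rcv 208.67.222.222  9a11 R Q [8081   DR  NOERROR] A      (3)bad(3)url(9)phishscam(2)ld(0)
6/5/2024 10:04:10 AM 0E70 PACKET  00000000033397A0 UDP Rcv 192.168.10.57   77f0   Q [0001   D   NOERROR] AAAA   (3)BAD(3)url(9)phishscam(2)ld(0)
6/5/2024 10:05:44 AM 0E70 PACKET  00000000033397A0 UDP Rcv 192.168.10.88   03de   Q [0001   D   NOERROR] A      (3)cdn(3)bad(3)url(9)phishscam(2)ld(0)
"""

# Received packets only; the optional "R" flag marks a response (e.g. from the forwarder).
LINE = re.compile(
    r"PACKET\s+\S+\s+(?:UDP|TCP)\s+Rcv\s+(?P<client>\S+)\s+[0-9a-fA-F]{4}\s+"
    r"(?P<resp>R)?\s*Q\s+\[[^\]]*\]\s+(?P<qtype>\S+)\s+(?P<name>\(\d+\)\S*)"
)

def decode_name(raw):
    """Turn '(3)www(7)example(3)com(0)' into 'www.example.com'."""
    labels = re.findall(r"\(\d+\)([^()]*)", raw)
    return ".".join(label for label in labels if label).lower()

def clients_querying(log_text, domain):
    """Count queries per client IP for `domain` or any name beneath it."""
    domain = domain.lower().rstrip(".")
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m.group("resp"):
            continue  # not a received packet, or a response rather than a query
        name = decode_name(m.group("name"))
        if name == domain or name.endswith("." + domain):
            hits[m.group("client")] += 1
    return hits

if __name__ == "__main__":
    for ip, count in clients_querying(SAMPLE_LOG, "bad.url.phishscam.ld").most_common():
        print(f"{ip}\t{count} queries")
```

Matching on the decoded name rather than the raw text catches mixed-case queries and subdomains, which a plain keyword search over the length-prefixed form can miss.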