Firewall DNS Operation Question

Author
joseph3325
2019/01/08 08:11:51

Hello All, 
We have noticed in our SIEM that we are receiving an insane amount of DNS logs from our FortiGates for some specific domains.
These are:
update.microsoft.com
swscan.apple.com
softwareupdate.vmware.com
play.google.com
autoupdate.opera.com
auth.gfx.ms
 
I know that these are some default domains in the firewall - I believe that they may be defaulted as SSL decryption ignore (but not 100% positive).
 
My real question is how to have the FortiGates stop sending the SIEM millions of these events every day, and why are these domains specifically doing it? Is something misconfigured?
Thanks!