Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Enable DNS Tunnel Detection

To enable DNS tunnel detections on SRX Series Firewalls:

  1. Configure the security-metadata-streaming policy.

    Configure DNS sinkhole if the action is set as sinkhole. See Configure DNS Sinkhole.

  2. Configure tunneling option at [edit services security-metadata-streaming policy dns_policy dns detections] hierarchy level.

  3. Attach the security-metadata-streaming policy to a security firewall policy at zone-level.

  4. Commit the configuration.

Use the show services security-metadata-streaming dns statistics command to view the DNS statistics of security metadata streaming policy.

Use the show services dns-filtering cache command to view the details within the DNS cache.

Note:

DNS tunnel detection is supported on Junos OS 21.2R1 and later releases.