Forum Discussion

Bogwitch's avatar
Bogwitch
Copper Contributor
Aug 27, 2020

ATP and APP proxy awareness

Hi All,   We have been told by our VAR that the ATP and APP client require Internet DNS lookup to operate, specifically for registration.   Our environment is secured by having a default route wh...
Bogwitch's avatar
Bogwitch
Copper Contributor
Aug 28, 2020

EliOfek 

 

Hi Eli,

 

thanks for getting back to me. I'm a little confused as to why the DNS lookup is required. If the software is proxy aware, there should be no need for a DNS lookup as the proxy will perform to resolution.

 

Our security model is one that greatly reduces the likelihood of a command and control or data exfiltration channel being established via DNS and we're keen to avoid reducing that stance.

 

Is the IP address returned by the DNS lookup actually used for any requests? If so, are those requests direct (meaning we will need to create static routes to bypass the proxy) or are the IP addresses replacing the URL in the request that's sent to the proxy? 

 

If the IP addresses are not used at all, why the DNS lookup and why would it be a problem if we simply resolved to BOGON addresses?

 

Thanks,

 

Bog

Bogwitch's avatar
Bogwitch
Copper Contributor
Sep 03, 2020

Does anyone else have any insights here?

 

thanks,

 

Bog