09-02-2014 09:36 AM
Once you have provisioned the vApp in your enviornment and spanned the switch port of your production DNS server to the DNS Firewall, it will start seeing the outgoing DNS queries from your network. If any of the queries registers a "hit" with the list of known bad domains (or IP addresses) tracked by the DNS firewall, you will see a corresponding RPZ log entry on the DNS firewall logs. Trace of the malware activity will also be captured by the reporting appliance. Over time (in a few hours or so) a report of the Top RPZ hits as well as Top Infected clients will be available to you when you log into the DNS firewall.