Just today, I saw our Z3C Teleworker gateway trying to hit 208.67.220.220 on TCP 443, which is being blocked by our firewall. Our firewall (Palo Alto) identified the application as "dnscrypt". A screen shot is attached.
Is this traffic a new requirement for the Z3C?
That is Cisco's DNS, do you have umbrella?
Take a look at this:
cmr, we're not using umbrella.
alemabrahao, I looked through that (we had that document before we set up the firewall rules), but I didn't see anything for that specific destination or the application.
It's a OpenDNS IP, Z3 is trying to resolve some name using this DNS. Someone probably configured it.
Have you recently upgraded to a new major version, MX16 to MX17 for instance? What license mode is your org in? What device is the .1 source?
That was going to be my next comment....yes, I just upgraded it to MX18.107 from MX17.10.2
I have this nightmare also. MX450 hubs trying to reach unknown destinations on AWS and/or IPs that are owned by Cisco. No one has a clue , and TAC can't tell me what it is since it's blocked.
But... I'm running a way older version that what you have.