Issue
If you use DNSWatch on your Firebox, the Firebox always sends log messages for DNSWatch forwarding, even if you disable logging for DNSWatch forwarding. Because of this, you could see a large number of log messages that look like this:
2024-09-25 22:27:03 Allow 10.0.1.2 8.8.8.8 dns/udp 60736 53 Trusted Firebox DNSWatch 78 128 (Internal Policy) proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.0.1.1" geo_dst="USA" record_type="A" question="unitedstates.cp.wd.microsoft.com"
Workaround/Solution
No workaround exists at this time.
