I have in FortiAnalyzer multiple critical events with event status "Unhandled"; these are mainly connections to C&C hosts, most of them ending with com.tr.
So I have created a DNS security profile with the option "Redirect botnet C&C requests to Block Portal" enabled, and here I have information that the database includes 80000 domains in the botnet package. Moreover, I have created DNS static filters here to block *.com.tr and others like:
I have applied this DNS security profile from LAN computers to my Active Directory server (DNS), and then from the Active Directory server to the outside DNS forwarder (Google DNS).
So my question is: why are these connections not blocked ("Mitigated") in FortiAnalyzer?