When I end a VPN session, the ESS firewall log reports an event such as the following: Event: DNS cache poisoning attack Source: 192.168.1.2:53 (my address on the local network) Target: 192.168.1.35:1192 (my address on the remote network) The target address and port may vary from session to session, depending on what the remote server has assigned. Two observations and questions: 1. I have seen no adverse consequences from this event (apart from the misleading entry in the ESS log). It may have helped that the event does not occur until the VPN session terminates. Specifically, what action does ESS take as a consequence of this event? 2. Of course, I don't want to modify ESS settings such that actual DNS cache poisoning attacks are ignored. How can I configure ESS so that this event is not recorded (and no action is taken by ESS) when it occurs as a consequence of a legitimate VPN connection?