Sophos UTM: Domain blocked in Webfilter but UTM still looks up DNS?

Hi! After adding my pi-hole as DNS-Server in Sophos UTM, I noticed that some domains which are blocked in the webfilter and show up as actually having been blocked in the firewall logs still trigger a DNS request which shows up in the pi-hole logs.

Is this behaviour OK, or is something wrong with it?

Thanks a lot in advance!

 

I just started thinking about building my own UTM with Sophos UTM Home as the Operating System.

I know that this would be overkill, but is there any future proof advantage of having a UTM connections with 2 X 10GB Ethernet rather then 2 X 1GB Ethernet?

Do CAT5/CAT6 Patch cables work OK with 10GB Ethernet?

 

I would say the behaviour is ok. In order to go to a website, you have to resolve the FQDN which requires DNS Lookup.

A webfilter does not block the action of resolving a DNS name, that is the job of the sinkhole. The web filter blocker http/https access to websites based on the policy.

If the client is configured to use pi-hole as the DNS and the site is not blacklisted by Pi-Hole but is blocked by Web filter policy then access to the site should be blocked by the UTM.

If the client is configured to use pi-hole as the DNS and the site is blacklisted by Pi-Hole and is blocked by Web filter policy then access to the site should be blocked by Pi-Hole.

If the client is configured to use pi-hole as the DNS and the site is blacklisted by Pi-Hole and is not blocked by Web filter policy then access to the site should be blocked by Pi-Hole.