( ( ( "Event Name" = TCPTrafficAudit ) AND ( DestinationPort = 53 ) ) AND ( ( "Event Name" = TCPTrafficAudit ) AND ( DestinationMachine outside::{ "Windows Server 2003 - DC" } ) ) ) AND ( ( "Event Name" = TCPTrafficAudit ) AND ( DestinationMachine outside::{ "Windows Server 2008/2012 - DC" } ) )
I ran the above, one of the destination machine was the IP of the actual firewall?