Type: External
Overview:
This article will help you to create a DNS filtering policy in Seqrite UTM.
DNS filtering: You can create a DNS filtering policy to block certain URLs and domain names based on pre-existing categories as well as custom-defined categories. For a custom category, you have to create a custom category before you can implement DNS filtering for that category. After you have created a DNS filter policy, you must apply it to groups or users as required.
Applicable Versions: UTMv2.6 and Above
Configuration Steps:
1. Logon to Seqrite UTM.
2. Navigate to Policy > DNS Filtering.
3. In the Policies section, click + to create a new policy.
4. Enter a name for the policy, and select the By Category policy type.
5. Select the category that you want to allow or block as required. If you want to access certain websites under a category that have blocked, you can do so by creating a custom category.
6. Similarly, if you select the By domain type, all domains will be blocked except the ones, that you specify under the Whitelist.
7. Click Save. The policy is saved, however, you have to enable the DNS filtering option before you can apply the policy to users and groups.
Note:
DNS filtering policy will not work if a proxy server is configured in the web browser settings.
DNS filtering will not work for those users who use the Single Sign ON to log on since the primary DNS for those user computers is Active Directory Server.
To apply a DNS filtering policy for all SSO users, create an IPwise user for Active Directory and then apply the policy to the user.
Enabling the DNS filtering option
1. Logon to Seqrite UTM.
2. Navigate to Policy > DNS Filtering.
3. In the status section, toggle the status button to enable DNS filtering.
4. If required, you can enable loose mode and the option to parse DNS against a list of known C&C Botnets and IP addresses.
Note: If you enable the option to parse DNS response against Botnet CC & IPDB, DNS response IP will be parsed against UTM's default Botnet C&C IPDB. Optionally you can upload your own list of IP addresses. The text file name should not have empty spaces. The file must contain the IP addresses in the following format.
5. Click Apply.
Please contact Seqrite Technical Support for more assistance