DNS Filter in SonicOS 7.1
Description
DNS filtering is a critical component of network security, enabling administrators to control access to websites and mitigate security risks. SonicOS 7.1 offers robust DNS filtering capabilities, including integration with Neustar, a leading provider of DNS security services.Â
Neustar is a trusted industry leader in providing authoritative DNS services, DNS-based security solutions, and threat intelligence.Neustar's solutions are designed to protect against DNS-based attacks, ensure optimal performance and reliability, and enable organizations to maintain control over their DNS infrastructure.
Integration with Neustar's DNS security services enhances SonicWall's DNS filtering capabilities in several ways:
- Real-time Threat Intelligence: Neustar continuously monitors global DNS traffic to identify emerging threats and malicious domains in real-time. By integrating Neustar's threat intelligence feeds, SonicWall can proactively block access to known malicious domains, preventing users from inadvertently accessing harmful content.
- Advanced Filtering: Neustar's DNS security services offer advanced filtering capabilities, allowing administrators to enforce granular policies based on domain reputation, content categories, and threat intelligence. SonicWall can leverage these filtering capabilities to enforce policies that align with organizational security requirements and compliance mandates.
- Scalability and Performance: Neustar's robust infrastructure ensures high availability, scalability, and optimal performance for DNS resolution. By leveraging Neustar's global network of DNS servers, SonicWall can deliver fast and reliable DNS resolution services to users across distributed networks, regardless of geographical location.
- Comprehensive Protection: Neustar's DNS security services provide comprehensive protection against a wide range of DNS-based threats, including malware, phishing, ransomware, and data exfiltration attempts. By integrating Neustar's threat intelligence into SonicWall's DNS filtering solution, organizations can effectively mitigate the risks associated with DNS-related attacks and safeguard their network infrastructure and sensitive data.
Configuration Changes Reference:
| BEFORE 7.X | AFTER 7.X |
|---|---|
| Global Enable DNS Proxy | No longer needed |
| Enable DNS Proxy per interface | In each DNS Policy, configure the source interface |
| DNS Proxy Mode | Configured in each DNS Policy |
| Enforce DNS Proxy For All DNS Requests | As origin |
| Enable DNS Proxy Cache | As origin |
Resolution
Configuration Prerequisites for DNS Filtering:
- License Check: Before using DNS Filtering, ensure that DNS Filtering is licensed under Gateway Services. Verify this on the license page.
- DNS Policy Configuration:Add, edit, or delete DNS policies manually in the Policy |Rules and Policies|DNS Rules section.
- DNS Profile Setup: Add, edit, or delete DNS Profiles in the Object | Profile Objects | DNS Filtering section.
- Configure the DHCP DNS Server Lease Scopes interface to use the firewall's interface IP in the Dynamic Range Configuration.
- Enforce DNS Proxy Setting:Enable "Enforce DNS Proxy For All DNS Requests" in the DNS Proxy settings located in Network | DNS | DNS Proxy.
TIP: For assistance with the configuration, please follow: Configuring DNS Filtering
Â