Professional Documents
Culture Documents
71-DNS Filter
71-DNS Filter
71-DNS Filter
o You can apply DNS category filtering to control user access to web resources.
o Can customize default profile or create your own to manage network user access.
o FortiGuard Filtering filters the DNS request based on the FortiGuard domain rating.
o Botnet C&C domain blocking blocks the DNS request for known botnet C&C domains.
o External dynamic category domain filtering allows to define your own domain category.
o DNS safe search, enforces Google, Bing, & YouTube safe addresses for parental controls.
o Local domain filter allows you to define your own domain list to block or allow things.
o External IP block list allows to define an IP block list to block resolved IPs that match list.
o In DNS Filter, DNS translation maps the resolved result to another IP that you define.
o Some features of this functionality require a subscription to FortiGuard Web Filtering.
o In this lab will set up DNS filtering to block access to bandwidth consuming websites.
If DNS Filter is not listed under Security Profiles, go to System > Feature Visibility, and enable
DNS Filter under Security Features.
Go to Security Profiles > DNS Filter, you can modify the default DNS Filter and enable the
options you want, or you can click + at the top right to create a new DNS Filter.
Click the botnet package link to see the latest botnet C&C domain list.
Visit botnet fully qualified Domain name or nslookup DNS it will show below error in page.
Go to Log & Report > DNS Query to view the DNS traffic that just traverse the FortiGate and the
FortiGuard rating for this domain name.
Domain name such as udemy.com Type Wildcard, Action redirect to Block Portal and status
Enable click OK to save changes.
Go to Log & Report > DNS Query to view the DNS traffic that just traverse the FortiGate and the
FortiGuard rating for this domain name.