Configuring DNS Protocol Security

Forcepoint ONE Firewall provides DNS threat prevention, protocol enforcement, and SafeSearch enforcement to prevent malicious attacks via DNS queries.

To enable this protection, DNS traffic must be forwarded through the Forcepoint ONE Firewall for inspection.
Note: To secure DNS traffic, you must create a custom DNS protocol agent and then assign it to the Network Service cell of a network rule for the traffic. For more details, refer to the Network and the Adding or editing a network rule topics in the Forcepoint ONE | Firewall online help documentation.
You can create a custom DNS protocol agent in one of the following ways:
  • From the Network Services page
  • From the Policy page

From the Network Services page

Steps:
  1. From the Navigation pane, click Objects > Network Services to navigate to the Network Services page.
  2. Click the New button, and then select the UDP option. The New UDP panel is displayed.

  3. Click in the Protocol Agent field. The Protocol Agent dialog-box is displayed.

  4. Click the New button, and then select the DNS option. The New DNS dialog-box is displayed.

  5. Configure the fields in the dialog-box. For more information on the fields, refer to the Protocol agent field details topic in the Forcepoint ONE | Firewall online help documentation.

  6. Click Save to save the changes or click Cancel to discard the changes.

From the Policy page

Steps:
  1. From the Navigation pane, click Policy to navigate to the Policy page.
  2. Click a policy row in the table. The Policy panel is displayed.

  3. In the Policy panel, under the Policy Summary section, click the Network stage link. The Network Stage page is displayed.

  4. Click the Network Service cell of a network rule in the table. The Network Service dialog-box is displayed.

  5. Click the New button, then select the UDP option. The New UDP dialog-box is displayed.
  6. Click in the Protocol Agent field. The Protocol Agent dialog-box is displayed.

  7. Click the New button, and then select the DNS option. The New DNS dialog-box is displayed.

  8. Configure the fields in the dialog-box. For more information on the fields, refer to the Protocol agent field details topic in the Forcepoint ONE | Firewall online help documentation.

  9. Click Save to save the changes or click Cancel to discard the changes.