Create or edit a DNS filter profile
Click Create New to open the New DNS Filter Profile window.
Configure the following settings and then click OK:
| Setting | Description |
| --- | --- |
| Name | The name of the DNS filter profile. |
| Comments | Optional description of the DNS filter profile. |
| Redirect botnet C&C requests to Block Portal | The FortiGuard Service continually updates the botnet C&C domain list. The botnet C&C domain blocking feature blocks access to botnet websites at the DNS name resolution stage. This provides additional protection for your network. |
| Enforce 'Safe search' on Google, Bing, YouTube | The DNS safe search option helps avoid explicit and inappropriate results in the Google, Bing, and YouTube search engines. The FortiProxy responds with content filtered by the search engine. |
| Restrict YouTube Access | Select the Strict or Moderate level of restriction for YouTube access. This option is available only if Enforce 'Safe search' on Google, Bing, YouTube is enabled. |
| FortiGuard category based filter | Enable if you want to use FortiGuard categories. If the device is not licensed for the FortiGuard web-filtering service, traffic can be blocked by enabling this option. |
| Allow/Monitor/Redirect to Block Portal | Select the action for each FortiGuard category: Allow, Monitor, or Redirect to Block Portal. |
| Static Domain Filter | |
| Domain Filter | Enable to create or edit domain filters. See Create or edit a domain filter. |
| External IP Block Lists | Enable to create or select a list of external IP addresses to block. See External Connectors. |
| DNS Translation | This setting allows you to translate a DNS resolved IP address to another IP address you specify on a per-policy basis. See Create or edit a DNS translation entry. |
| Options | |
| Redirect Portal IP | If you want the FortiProxy unit to use the portal IP address to replace the resolved IP address in the DNS response packet, select Use FortiGuard Default or Specify. If you select Specify, enter the portal IP address. |
| Allow DNS requests when a rating error occurs | Enable to allow access to domains that return a rating error from the web filter service. If your unit is temporarily unable to contact the FortiGuard service, this setting determines what access the unit allows until contact is re-established. If enabled, users will have full unfiltered access to all domains. If disabled, users will not be allowed access to any domains. |
| Log all DNS queries and responses | Enable if you want DNS queries and responses logged. |
| API Preview | The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator who has read-only GUI permissions. |
To use the API Preview:
- Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.
- Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.
- Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.
- Click Close to leave the preview.
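An added example, not part of the FortiProxy documentation: a small Python check that reads the JSON copied from the API Preview pane and flags the settings described above that weaken filtering or visibility. The field names (`block-botnet`, `log-all-domain`, `ftgd-dns.options` with the values `error-allow` and `ftgd-disable`) and the `data` wrapper are assumptions modelled on FortiOS-style option names; confirm them against the preview output of your own unit.

```python
import json

# Constructed sample of JSON copied from the API Preview pane. The field names
# are ASSUMPTIONS modelled on FortiOS-style option names; check them against
# the preview output of your own unit before relying on this.
SAMPLE_PREVIEW = """
{"data": {
  "name": "branch-dns",
  "block-botnet": "disable",
  "safe-search": "enable",
  "youtube-restrict": "moderate",
  "log-all-domain": "disable",
  "ftgd-dns": {"options": "error-allow"}
}}
"""


def audit_dns_profile(preview_json: str) -> dict:
    """Return {finding_code: explanation} for settings worth a second look."""
    doc = json.loads(preview_json)
    profile = doc.get("data", doc)  # accept a bare profile object as well
    findings = {}

    if profile.get("block-botnet") != "enable":
        findings["botnet-off"] = (
            "Botnet C&C requests are not redirected to the block portal.")

    # Assumed to be a space-separated option string, e.g. "error-allow".
    options = str((profile.get("ftgd-dns") or {}).get("options", "")).split()
    if "error-allow" in options:
        findings["fail-open"] = (
            "Rating errors are allowed: while FortiGuard is unreachable, "
            "users get unfiltered access to all domains.")
    if "ftgd-disable" in options:
        findings["category-filter-off"] = (
            "FortiGuard category based filter is disabled.")

    if profile.get("log-all-domain") != "enable":
        findings["no-dns-log"] = (
            "DNS queries and responses are not logged.")
    return findings


if __name__ == "__main__":
    for code, text in audit_dns_profile(SAMPLE_PREVIEW).items():
        print(f"[{code}] {text}")
```

Paste the clipboard contents from the preview in place of `SAMPLE_PREVIEW`; an empty result means none of the three conditions was found.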
To edit a DNS filter profile:
- Go to Security Profiles > DNS Filter.
- Select the profile you want to edit and then click Edit from the toolbar or double-click on the profile name in the list. The Edit DNS Filter Profile window opens.
- Edit the information as required and then select OK to save your changes.