GateWall DNS Filter Deployment Options

GateWall DNS Filter. Comparison with OpenDNS.

There are two possible options of deploying GateWall DNS Filter in a corporate local area network.

Installation Upstream of Corporate DNS Server

The first option is to locate GateWall DNS Filter upstream of the corporate DNS server. With this option, the corporate DNS server allows forwarding DNS requests to the ISP’s DNS server(s). Create LAN users with IP authorization using DNS Filter Administrator console. Specify corporate domain name in exclude_domains parameter of the <brightcloud /> section of the server settings file.

DNS settings should confirm that DNS requests will be sent to the internal corporate DNS server. Internet access must be allowed on a client PC with GateWall DNS Filter via HTTPS and BCAP (BrightCloud Control Application Protocol, TCP port 2316) protocols. This option of GateWall DNS Filter deployment allows generating detailed statistics for all LAN users (client machines).

Installation Downstream of Corporate DNS Server

The second option is to install GateWall DNS Filter immediately downstream of the corporate DNS server. With this option, corporate DNS server settings need to specify GateWall DNS Filter as the server to forward requests (Forwarder). Create just one user in DNS Filter settings with the IP address of the corresponding corporate DNS server. In DNS Filter settings, specify ISP’s DNS server(s) as the forwarding DNS servers. This option allows reduction of GateWall DNS Filter load due to additional caching on the corporate DNS server. However, this will make LAN users’ request statistics unavailable.

Important! GateWall DNS Filter is not a gate solution. For either option, set the application to block DNS requests sent directly by users into the Internet.

image image image

Twitter

Entensys Twitter Entensys Facebook