Creating a DNS Security profile

With a DNS Security profile, you can allow or block DNS queries and responses that contain malicious resources, as well as redirect them to a specified IP address.

You can create up to 64 custom profiles.

To create a DNS Security profile:

  1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
  2. Select the Objects tab, then select Security profiles → DNS Security.
  3. In the upper part of the workspace, click the Create button.

    This opens the DNS Security profile creation window.

  4. In the Name field, enter a name for the new profile.

    The name of the profile must be unique among all profiles.

    The maximum length is 128 characters.

  5. If necessary, in the Description field, enter an arbitrary description of the profile.

    The maximum length is 256 characters.

  6. Select the action to be applied to DNS queries and DNS responses when a malicious object is detected:
    • Block and redirect: blocks users' DNS queries to a malicious or phishing web resource and redirects the DNS response to the specified server. If the DNS query contains multiple records, only records containing malicious or phishing web resources are redirected, while the rest of the records are dropped.

      If you select this option, enter the IP address of the server to which you want to redirect the user. The IP address of this server replaces the IP address of the requested web resource in the DNS response that the user receives.

      To redirect users' queries, you need to deploy a separate server that will host an HTML page with a message for the user, for example, explaining the danger of visiting the requested web resource.

    • Block: blocks DNS queries and DNS responses in which malicious or phishing resources are detected. If the DNS query or DNS response contains multiple records, and one of these contains a malicious object, the entire DNS query or DNS response is blocked, and all domains or IP addresses included in it are blocked.
    • Allow: allows DNS queries and DNS responses in which malicious or phishing web resources are detected.
    • Reset both: blocks DNS queries and DNS responses in which malicious or phishing resources are detected, and sends a TCP RST to the client side and to the server side for TCP sessions.
  7. If necessary, enable security event logging. If logging is enabled, then when an attempt is made to visit a malicious or phishing web resource, an event is logged in the DNS Security security event log in the SIEM system. Separate events are logged for the DNS query and the DNS response.

    If logging is disabled, no events are generated or saved.

  8. Apply the OSMP policy changes by clicking the Commit and push button.

The DNS Security profile is added to the table of DNS Security profiles.
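
For the Block and redirect action in step 6, the following added example (not part of the product or its documentation) shows one way to run the separate server that hosts the message page. The port, the page text and the 403 status are assumptions; the listener must be reachable at the IP address entered in the profile.

```python
"""Block page server for the Block and redirect action (constructed example)."""
import html
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

MAX_HOST_LEN = 253  # longest valid DNS name; longer Host values are truncated


def render_block_page(host_header):
    """Return (status, headers, body) for a request that was redirected here."""
    # The Host header is client-controlled: truncate and HTML-escape before echoing.
    host = html.escape((host_header or "unknown")[:MAX_HOST_LEN], quote=True)
    body = (
        "<!DOCTYPE html><html><head><meta charset='utf-8'>"
        "<title>Access blocked</title></head><body>"
        "<h1>Access blocked</h1>"
        f"<p>The web resource <code>{host}</code> was blocked by the DNS Security "
        "profile because it is classified as malicious or phishing.</p>"
        "</body></html>"
    ).encode("utf-8")
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Length": str(len(body)),
        # Keep browsers and proxies from caching this page under the blocked name.
        "Cache-Control": "no-store",
        "Content-Security-Policy": "default-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }
    return 403, headers, body


class BlockPageHandler(BaseHTTPRequestHandler):
    def _serve(self):
        status, headers, body = render_block_page(self.headers.get("Host"))
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    # Every path and common method gets the same page: the client asked for
    # the blocked site's URL, not for a path that exists on this server.
    do_GET = do_HEAD = do_POST = _serve


if __name__ == "__main__":
    # Assumed port: redirected browsers connect to the default HTTP port.
    ThreadingHTTPServer(("0.0.0.0", 80), BlockPageHandler).serve_forever()
```

Requests made over HTTPS to a redirected name fail with a certificate error before any page is shown, because this server holds no valid certificate for the blocked domain.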
