Add a DNSWatch Configuration in WatchGuard Cloud

Applies To: DNSWatch in WatchGuard Cloud

This feature is only available to participants in the WatchGuard Cloud Beta program.

References to DNSWatch in this topic relate to DNSWatch in WatchGuard Cloud. To learn about the legacy DNSWatch UI, go to About WatchGuard DNSWatch in Fireware Help.

To use DNSWatch in WatchGuard Cloud to protect your network from malicious sites and filter content, you must create DNSWatch configurations. DNSWatch configurations define the settings and content filters that DNSWatch uses to determine whether to block a site.

Your operator role determines what you can view and do in WatchGuard Cloud. Your role must have the DNSWatch permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.

Add a DNSWatch Configuration

To add a DNSWatch configuration, in WatchGuard Cloud:

  1. Log in to WatchGuard Cloud.
  2. Select Configure > DNSWatch.
    The DNSWatch page opens.

Screenshot of the DNSWatch page with Add DNSWatch Configuration highlighted.

  1. Click Add DNSWatch Configuration.
    The Add DNSWatch Configuration wizard opens.

Screenshot of the first page of the Add DNSWatch Configuration wizard.

  1. In the Name text box, enter a name for the configuration.
  2. In the Description text box, enter a description for the configuration.
  3. To automatically populate the Content Filter list with WatchGuard recommendations, select Start With WatchGuard Recommendations.
  4. In the SafeSearch section, select the web browser search engines you want to enable SafeSearch for. For more information, go to About SafeSearch in DNSWatch in WatchGuard Cloud. You can enable SafeSearch enforcement for these search engines: 
    • Google
    • YouTube
    • Bing
    • DuckDuckGo
  5. To block responses for any domain names that resolve to IP addresses in the three private IP ranges reserved by the Internet Engineering Task Force (IETF), select Block DNS Resolution to Private IP Addresses.This can help protect your network from DNS rebinding attacks, which attempt to gain access to resources on your network that use private IP addresses.

Screenshot of the first page of the Add DNSWatch Configuration wizard with options selected.

  1. Click Next.
    The Content Filter page of the Add DNSWatch Configuration wizard opens.

Screenshot of the Content Filter page of the Add DNSWatch Configuration wizard.

  1. In the Content Filter list, select or clear the check box next to a content category or subcategory to allow or block it. If you selected Start With WatchGuard Recommendations in Step 6, some categories are automatically selected. For more information about DNSWatch content filter categories, go to About Content Filter Categories in DNSWatch in WatchGuard Cloud.
    • Allow — Users can connect to sites in these categories and DNSWatch does not return a content filtering block page in their browser.
    • Block — Users cannot connect to blocked site and DNSWatch returns a content filtering block page in the browser.
      For information on how to customize the security and content filtering block pages, go to Manage the Block Pages for DNSWatch in WatchGuard Cloud
  1. Click Next.
    The Domains List page of the Add DNSWatch Configuration wizard opens.

Screenshot of the Domains List page of the Add DNSWatch Configuration wizard.

  1. To allow or block traffic to specific domains, click Add Domains.
    The Add Domains dialog box opens.

Screenshot of the Add Domains dialog box.

  1. In the List Name text box, enter a name for the list.
  2. In the Domain List text box, enter or paste a list of domain names. You can specify one domain name on each line or you can use a comma, space, or semicolon to separate each domain name. To upload a CSV or TXT file with a list of domain names, click the upload icon.

Screenshot of the Domain List text box, with the upload icon highlighted.

  1. In the List Type drop-down list, select the action you want DNSWatch to take for the domains in the list. You can select: 
    • Allow — Users can connect to the domain and DNSWatch does not return a security block page in the browser.
    • Block — Users cannot connect to the domain and DNSWatch returns a security block page in the browser.
  2. For Block type domain lists, to mark every listed domain as malicious, select Mark all as Malicious.
  3. To also block or allow the subdomains of all listed domains, select Include Subdomains.

Screenshot of the Add Domains dialog box with all fields completed.

  1. Click Add.
    The added domains appear in the Domains List.

Screenshot of the Domains list page in the Add DNSWatch Configuration wizard with domains added to the list.

  1. Repeat Steps 12 to 18 to add additional block and allow lists.
  2. Click Next.
  3. From the list, select the accounts and Fireboxes you want to apply this DNSWatch configuration to. The number of Fireboxes the configuration applies to appears as the number of Subscribed Fireboxes on the configuration widget.

Screenshot of the select accounts and Fireboxes page in the Add DNSWatch Configuration wizard.

  1. Click Save.
    The saved DNSWatch configuration appears as a widget on the DNSWatch page.

Screenshot of the DNSWatch page in WatchGuard Cloud with the newly added configuration.

Related Topics

About Configurations in DNSWatch in WatchGuard Cloud

About Content Filter Categories in DNSWatch in WatchGuard Cloud

About SafeSearch in DNSWatch in WatchGuard Cloud