Configure Network DNS and WINS Servers

You must configure network (global) DNS and WINS servers on the Firebox for some features to work. You configure the network DNS and WINS servers in the Firebox network configuration, separately from the interface settings. Network DNS and WINS servers are also known as global DNS and WINS servers.

Multiple Firebox features and clients use the network DNS and WINS servers to resolve DNS queries:

  • Network clients on the trusted or optional networks
  • IPSec VPNs
  • Mobile VPN clients
    Mobile VPN clients use only the first two DNS servers in the list.
  • Subscription services

Best Practices

We recommend these best practices for network DNS and WINS servers:

  • Configure at least two DNS servers, one with a private IP address, and another with a public IP address. We recommend that you list the private DNS server first, so it has higher precedence.
  • Make sure your network DNS and WINS servers are accessible from the Firebox trusted interface. 
  • Use only an internal DNS and WINS server for DHCP and Mobile VPN. This makes sure that you do not create policies with configuration properties that make it difficult for your users to connect to the DNS server.

For more information about Firebox configuration best practices, see Firebox Configuration Best Practices.
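
The checks above can be applied to an ordered DNS server list before it is entered in the Firebox configuration. The following Python sketch is an added example, not WatchGuard code: the function name `audit_dns_servers`, the sample addresses, and the use of Python's `is_private` / `is_global` as the meaning of "private" and "public" are assumptions.

```python
import ipaddress

MOBILE_VPN_LIMIT = 2  # Mobile VPN clients use only the first two servers in the list


def audit_dns_servers(servers):
    """Audit an ordered network DNS server list against the best practices.

    Returns {"errors": [...], "notes": [...]}. Assumption: "private" is what
    Python's ipaddress module reports as is_private, "public" as is_global.
    """
    addrs = [ipaddress.ip_address(s) for s in servers]  # ValueError on bad input
    errors, notes = [], []

    # At least two servers: one private, one public, private listed first.
    if len(addrs) < 2:
        errors.append("fewer than two DNS servers configured")
    if not any(a.is_private for a in addrs):
        errors.append("no DNS server with a private IP address")
    elif not addrs[0].is_private:
        errors.append("private DNS server is not listed first")
    if not any(a.is_global for a in addrs):
        errors.append("no DNS server with a public IP address")

    # Mobile VPN should use internal DNS only, but clients that inherit the
    # network list receive its first two entries, whatever they are.
    for a in addrs[:MOBILE_VPN_LIMIT]:
        if not a.is_private:
            notes.append(f"Mobile VPN clients that inherit this list would use {a}; "
                         "set internal-only servers in the Mobile VPN settings")
    for a in addrs[MOBILE_VPN_LIMIT:]:
        notes.append(f"{a} is never used by Mobile VPN clients")
    return {"errors": errors, "notes": notes}


if __name__ == "__main__":
    # Constructed sample lists, not taken from any real configuration.
    for sample in (["10.0.1.53", "8.8.8.8"],
                   ["8.8.8.8", "10.0.1.53"],
                   ["10.0.1.53", "10.0.2.53", "8.8.8.8"]):
        print(sample, audit_dns_servers(sample))
```

A list that follows the first recommendation (private first, then public) still produces a note, because Mobile VPN clients that inherit the network list would receive the public server as their second resolver.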

DNS Server Precedence

The Firebox uses the network DNS and WINS servers unless you specify a different DNS/WINS server elsewhere in the Firebox configuration.

  • You can specify different DNS and WINS servers in the Mobile VPN with SSL settings. For more information, see Manually Configure the Firebox for Mobile VPN with SSL.
  • (Fireware v12.2.1 or higher) You can specify different DNS and WINS servers in the Mobile VPN with IKEv2, Mobile VPN with IPSec, and Mobile VPN with L2TP settings. For more information, see DNS and Mobile VPNs.
  • You can specify different DNS and WINS servers when you configure an interface to use the Firebox as a DHCP server. For more information, see Configure an IPv4 DHCP Server.
  • You can configure DNS Forwarding rules that send DNS queries for specified domains to specified DNS servers. For more information, see About DNS Forwarding.
  • (Firebox v12.1.1 or higher) If you enable the DNSWatch feature on your Firebox, some DNS queries are sent to DNSWatch DNS servers instead of the network DNS server. For more information about DNS server precedence, see About DNS on the Firebox. For information about DNSWatch, see About WatchGuard DNSWatch.

See Also

About DNS on the Firebox

About Network Modes and Interfaces

Common Interface Settings

DNS and Mobile VPNs
