DNSWatch Components
DNSWatch
A cloud-based service that monitors DNS requests to prevent connections to known malicious or filtered domains. You can enable the DNSWatch service on a Firebox or configure it on your network.
DNSWatchGO Client
A client-based application installed on portable host computers, such as laptops, to enforce your policy when a device is not connected to your network. The client submits DNS requests to both the DNSWatch server and the upstream DNS server.
- If the domain is considered malicious or suspicious, DNSWatchGO returns the block page from the DNSWatch Blackhole server.
- If no issues are found by the DNSWatch server, DNSWatchGO returns the requested content.
For more information, go to About DNSWatchGO Client.
DNSWatchGO Chrome Extension
A Chrome extension deployed to Chromebooks to extend the protection of DNSWatch to provide consistent policy enforcement and security protection when your users leave the safety of your network.
For more information, go to About DNSWatchGO for Chrome OS.
Content Filter Policy
Sometimes you want to filter content that users can access both on and off your network. With DNSWatch, you can create a content filter policy to block domains in specific categories, such as gambling, alcohol, or adult content. When a user tries to connect to a filtered web site, DNSWatch replaces the requested content with the block page. You can have one policy for off-network and a different policy for each protected network or Firebox. You can also apply different client policies to different client groups. For more information about policies, go to Manage User Access to Content in DNSWatch.
Block Page
When DNSWatch determines that a requested domain is malicious or filtered, the block page appears instead of the requested content. DNSWatch also attempts to gather more information about the source of the blocked DNS request and the type of threat. When DNSWatch denies a DNS request, it generates an alert with the collected information for administrators. For more information, go to Customize DNSWatch Block Pages.
Domain Feeds
To protect your network, DNSWatch uses a complex set of heuristics to identify requests to malicious domains or domains with suspicious certificates. DNSWatch polls a variety of commercial threat intelligence feeds daily to identify new malicious domains and update the domain feeds. To help improve DNSWatch for all users, you can share the domains you manually add to the block list with WatchGuard. For more information, go to About DNSWatch Domain Feeds.
DNS Resolvers
The DNSWatch DNS resolvers resolve DNS queries from protected networks. WatchGuard hosts DNSWatch DNS servers in multiple regions. For more information, go to About DNSWatch DNS Servers.
Blackhole Servers
When DNSWatch receives a DNS request for a denied domain, it resolves the domain to the IP address of the Blackhole Server. When the client who originated the DNS request connects to the Blackhole, DNSWatch tries to gather more information about the source of the blocked DNS request and the type of threat. The collected information appears in an alert that DNSWatch generates when a DNS request is denied. For a denied DNS request that occurs for HTTP or HTTPS connections, users see the DNSWatch block page in their browser. For more information, go to About DNSWatch Blackhole Servers.
About DNSWatchGO for Chrome OS
Manage DNSWatchGO Client Groups