DNSWatch is a cloud-based service that monitors DNS requests to prevent connections to known malicious or filtered domains. You can enable the DNSWatch service on a Firebox or configure it on your network.
The DNSWatchGO client is an application installed on portable host computers, such as laptops, to enforce your policy when a device is not connected to your network. The client submits DNS requests to both the DNSWatch server and the upstream DNS server.
- If the domain is considered malicious or suspicious, DNSWatchGO returns the block page from the DNSWatch Blackhole server.
- If no issues are found by the DNSWatch server, DNSWatchGO returns the requested content.
For more information, see About DNSWatchGO Client.
Content Filter Policy
Sometimes you want to filter content that users can access both on and off your network. With DNSWatch, you can create a content filter policy to block domains in specific categories, such as gambling, alcohol, or adult content. When a user tries to access a filtered website, DNSWatch replaces the requested content with the block page. You can have one policy for off-network devices and a different policy for each on-premises network. For more information about policies, see DNSWatchGO Content Filter Policies.
When DNSWatch determines that a requested domain is malicious or filtered, the block page appears instead of the requested content. DNSWatch also attempts to gather more information about the source of the blocked DNS request and the type of threat. When DNSWatch denies a DNS request, it generates an alert with the collected information for administrators. For more information, see Customize DNSWatch Block Pages.
To protect your network, DNSWatch uses a complex set of heuristics to identify requests to malicious domains or domains with suspicious certificates. DNSWatch polls a variety of commercial threat intelligence feeds daily to identify new malicious domains and update the domain feeds. To help improve DNSWatch for all users, you can share the domains you manually add to the block list with WatchGuard. You can see a list of the domain feeds in the DNSWatch Web UI. For more information, see About DNSWatch Domain Feeds.
The DNSWatch DNS resolvers resolve DNS queries from protected networks. WatchGuard hosts DNSWatch DNS servers in multiple regions. For more information, see About DNSWatch DNS Servers.
When DNSWatch receives a DNS request for a denied domain, it resolves the domain to the IP address of the Blackhole Server. When the client that originated the DNS request connects to the Blackhole Server, DNSWatch tries to gather more information about the source of the blocked DNS request and the type of threat. The collected information appears in an alert that DNSWatch generates when a DNS request is denied. For a denied DNS request that occurs for HTTP or HTTPS connections, users see the DNSWatch block page in their browser. For more information, see About DNSWatch Blackhole Servers.
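Because a denied domain resolves to the Blackhole Server address, an administrator can also find affected hosts in local resolver logs by looking for answers that equal that address. The following is an added example, not WatchGuard code: the log layout, the sample lines, and the address `192.0.2.53` are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Placeholder (assumption): replace with the Blackhole Server address(es)
# documented for your DNSWatch region. 192.0.2.53 is a documentation address.
BLACKHOLE_IPS = {ipaddress.ip_address("192.0.2.53")}

# Constructed sample log, assumed layout: timestamp client qname qtype answer
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.1.15 www.example.com A 198.51.100.7
2024-05-01T10:00:04Z 10.0.1.22 login.bad-domain.test A 192.0.2.53
2024-05-01T10:00:09Z 10.0.1.22 Login.Bad-Domain.test. A 192.0.2.53
2024-05-01T10:01:30Z 10.0.1.22 cdn.other-bad.test A 192.0.2.53
2024-05-01T10:02:00Z 10.0.1.40 casino.filtered.test A 192.0.2.53
2024-05-01T10:02:05Z 10.0.1.40 mail.example.org CNAME mx.example.org
truncated line
"""


def sinkholed_clients(log_text, blackhole_ips=BLACKHOLE_IPS):
    """Map each client IP to the sorted, de-duplicated domains that were blackholed."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed or truncated records
        _ts, client, qname, qtype, answer = fields
        if qtype not in ("A", "AAAA"):
            continue  # only address records can point at the Blackhole Server
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            continue  # answer is not an IP address
        if addr in blackhole_ips:
            # Normalise case and trailing dot so one domain is counted once.
            hits[client].add(qname.rstrip(".").lower())
    return {client: sorted(domains) for client, domains in hits.items()}


def repeat_offenders(hits, min_domains=2):
    """Clients blocked on several distinct domains: candidates for triage first."""
    return sorted(c for c, domains in hits.items() if len(domains) >= min_domains)


if __name__ == "__main__":
    found = sinkholed_clients(SAMPLE_LOG)
    for client, domains in found.items():
        print(client, domains)
    print("review first:", repeat_offenders(found))
```

A host that hits the Blackhole Server for several unrelated domains is more likely to be infected than one that tripped a single content filter category, so the second function gives a simple triage order.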