Protect Networks with DNSWatch

To protect your network from malicious sites and domains, configure DNSWatch as your DNS resolver. DNSWatch evaluates your DNS traffic and denies any requests to known malicious or filtered domains.

This feature is intended to be used with static on-premise networks without a Firebox as part of your overall network protection plan. For portable protection, install the DNSWatchGO Client on your portable devices. To provide DNSWatch protection with a Firebox, go to Enable DNSWatch on Your Firebox.

Step 1 — Create content filter policies to block domains by category

  1. Select Configure > Content Filtering Policies.
    The Content Filtering Policies page opens with the Policies tab selected.
  2. Click Create New Policy.
    The Create Policy page opens.
  3. In the Policy Name text box, type a descriptive name for the policy and click Save Policy.
  4. To enable Safe Search enforcement for a search engine, on the Safe Search tab, select the Enable Safe Search check box next to the search engine provider and click Save Safe Search.
  5. On the General tab, click Save Policy.
    The Edit Policy: General page opens.
  6. Select the Categories tab.
    The Edit Policy: Categories page opens.
  7. Select the check boxes for the categories you want to filter.
  8. To see subcategories, click the arrow next to the category name. If all subcategories are selected, the check box next to the top-level category is selected. If only some subcategories are selected, the top-level category displays a hyphen. If you do not want to block that category, clear the check box.

Screen shot of the Categories tab on the Content Filtering page

For a complete list of available categories and descriptions, go to About DNSWatch Content Filter Categories.

  1. Click Save Categories.

Step 2 — Configure your network to use DNSWatch as your network DNS resolver:

  1. Log in to DNSWatch in the WatchGuard website.
  2. Select Deploy > Protected Networks.
    The Protected Networks page opens.
  3. Click Add Network.
    The Add New Network page opens.
  4. Your current IP address appears in the IP Address text box automatically. If you want to protect a different network, type the public IP address of the network in the text box.
  5. Type a descriptive name for the network in the Description text box.
  6. From the Policy drop-down list, select a content filter policy to apply to the network. For information about policies, go to Manage User Access to Content in DNSWatch.
  7. To create a custom block page for this network:
    1. Select the Enable Custom Block Page check box. If you do not customize the block page, the network uses the default DNSWatch block page.
    2. In the Content text box, type the block page content in Markdown format.
    3. To preview the block page, click the Preview tab.
  8. Click Save Network.
    The Protected Networks page opens.
  9. Your network is not protected until you configure your local DNS server to use the DNSWatch resolvers. Follow the instructions for your DNS server to change the DNS resolvers to the DNSWatch resolver IP addresses. For more information about DNSWatch servers, go to About DNSWatch DNS Servers.

Your network is now protected by DNSWatch.

Step 3 - Test your DNSWatch protection

  1. In your browser, go to test.strongarm.io.
  2. Confirm the correct block page appears.

If DNSWatch correctly blocks the test domain, you see this block page:

If DNSWatch does not operate correctly, you see this message:

Scrreen Shot of Error Page

Next Steps

To protect your devices when they are not on your network, go to Protect Endpoints with DNSWatchGO Client.

Related Topics

About DNSWatchGO Client

Manage DNSWatch

Monitor DNSWatch Service Status