Usage Enforcement only on external traffic?
When using DNSWatch with active enforcement mode, is only external traffic (to the Internet) monitored, or is traffic between internal interfaces (Trusted, Optional) on TCP/53 also monitored and redirected to the DNSWatch servers?
Answers
Hi @Olix
You can set this up on the Firebox via conditional DNS forwarding.
See example 4 in the documentation here for the scenario you're describing:
(DNSWatch Firebox Configuration Examples)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/services/dnswatch/dnswatch_config_examples_c.html
-James Carson
WatchGuard Customer Support
From the docs:
"DNSWatch evaluates your DNS traffic and denies any requests to known malicious or filtered domains."
and
"DNSWatch monitors DNS requests regardless of the connection type, protocol, or port"
Which suggests that it looks at all DNS queries that go through the firewall for DNSWatch protected networks.