Create or update a security policy rule and
reference an anti-spyware profile with the DNS Security settings
and a custom URL category list (
containing the approved list of DoH servers.
Create a block policy to decrypt HTTPS traffic and
block all remaining unsanctioned DoH traffic that is not explicitly allowed
by the custom URL category list (referenced in step 5) by using
the following URL category:
If you already have an existing block policy to block
DoH traffic, verify that the rule is placed below the previous security
policy rule used to match with specific DoH resolvers listed in
a custom URL category list object.
(Optional) Search for activity on the firewall for HTTPS-encrypted
DNS queries that have been processed using DNS Security.
Submit a log query based on the application, using
app = 'dns-over-https'
Select a log entry to view the details of a detected
DNS threat that uses DoH.
pane of the detailed log view.
Other relevant details about the threat are displayed in their corresponding