Use Case 1: Firewall Requires DNS Resolution for Management
In this use case, the firewall is the client
requesting DNS resolutions of FQDNs for management events such as
software update services, dynamic software updates, or WildFire.
The shared, global DNS services perform the DNS resolution for the
management plane functions.
Configure the primary and secondary DNS servers
you want the firewall to use for its management DNS resolutions.
You must manually configure at least one DNS server
on the firewall or it will not be able to resolve hostnames; it
will not use DNS server settings from another source, such as an
Edit. (For firewalls that do not support multiple virtual systems,
there is no
tab; simply edit the Services.)
and enter the
Secondary DNS Server
Alternatively, you can configure a DNS Proxy Object if you
want to configure advanced DNS functions such as split DNS, DNS
proxy overrides, DNS proxy rules, static entries, or DNS inheritance.
DNS Proxy Object
select the DNS proxy that you want to use to configure global DNS
services, or click
a new DNS proxy object as follows:
for the DNS proxy object.
global, firewall-wide DNS proxy services.
proxy objects do not use DNS server profiles because they do not
require a specific service route belonging to a tenant virtual system.