Use Case 1: Firewall Requires DNS Resolution for Management Purposes

In this use case, the firewall is the client requesting DNS resolutions of FQDNs for management events such as software update services, dynamic software updates, or WildFire. The shared, global DNS services perform the DNS resolution for the management plane functions.
dns_use1_environ.png
  1. Configure the primary and secondary DNS servers you want the firewall to use for its management DNS resolutions.
    You must manually configure at least one DNS server on the firewall or it won’t be able to resolve hostnames; it won’t use DNS server settings from another source, such as an ISP.
    1. Select
      Device
      Setup
      Services
      Global
      and Edit. (For firewalls that do not support multiple virtual systems, there is no
      Global
      tab; simply edit the Services.)
    2. On the
      Services
      tab, for
      DNS
      , click
      Servers
      and enter the
      Primary DNS Server
      address and
      Secondary DNS Server
      address.
    3. Click
      OK
      and
      Commit
      .
  2. Alternatively, you can configure a DNS Proxy Object if you want to configure advanced DNS functions such as split DNS, DNS proxy overrides, DNS proxy rules, static entries, or DNS inheritance.
    1. Select
      Device
      Setup
      Services
      Global
      and Edit.
    2. On the
      Services
      tab, for
      DNS
      , select
      DNS Proxy Object
      .
    3. From the
      DNS Proxy
      drop-down, select the DNS proxy that you want to use to configure global DNS services, or click
      DNS Proxy
      to configure a new DNS proxy object as follows:
      1. Click
        Enable
        and enter a
        Name
        for the DNS proxy object.
      2. For
        Location
        , select
        Shared
        for global, firewall-wide DNS proxy services.
        Shared DNS proxy objects don’t use DNS server profiles because they don’t require a specific service route belonging to a tenant virtual system.
      3. Enter the
        Primary
        DNS server IP address. Optionally enter a
        Secondary
        DNS server IP address.
    4. Click
      OK
      and
      Commit
      .

Related Documentation