Use Case 1: Firewall Requires DNS Resolution for Management
In this use case, the firewall is the client
requesting DNS resolutions of FQDNs for management events such as
software update services, dynamic software updates, or WildFire.
The shared, global DNS services perform the DNS resolution for the
management plane functions.
Configure the primary and secondary DNS servers
you want the firewall to use for its management DNS resolutions.
You must manually configure at least one DNS server
on the firewall or it won’t be able to resolve hostnames; it won’t
use DNS server settings from another source, such as an ISP.
Edit. (For firewalls that do not support multiple virtual systems,
there is no
tab; simply edit the Services.)
and enter the
Secondary DNS Server
Alternatively, you can configure a DNS
Proxy Object if you want to configure advanced DNS functions
such as split DNS, DNS proxy overrides, DNS proxy rules, static
entries, or DNS inheritance.
DNS Proxy Object
select the DNS proxy that you want to use to configure global DNS
services, or click
a new DNS proxy object as follows:
for the DNS proxy object.
global, firewall-wide DNS proxy services.
proxy objects don’t use DNS server profiles because they don’t require
a specific service route belonging to a tenant virtual system.