If your firewall is to act as a DNS proxy,
perform this task to configure a
DNS
Proxy Object. The proxy object can either be shared among
all virtual systems or applied to a specific virtual system.
When the firewall is enabled to act as
a DNS proxy, evasion signatures that detected crafted HTTP or TLS
requests can alert to instances where a client connects to a domain
other than the domains specified in the original DNS query. As a
best practice,
Enable
Evasion Signatures after configuring DNS proxy to trigger
an alert if crafted requests are detected.