About WatchGuard DNSWatch
DNSWatch is easily enabled as a subscription service on your Firebox. Before you can enable the DNSWatch feature and configure it on your Firebox, you must add a DNSWatch license to your Firebox feature key.
DNSWatch is not supported in Fireware v12.3.x or lower on a Firebox configured in Bridge Mode. In Fireware v12.4 or higher, DNSWatch enabled on a Firebox in Bridge Mode has the same usage enforcement options as a Firebox configured in Mixed Routing Mode. When DNSWatch is enabled on a Firebox in Bridge Mode, the interface is named Global Bridge in the Protected Fireboxes interfaces list in DNSWatch.
DNSWatch Protection
DNSWatch offers two types of protection:
- Network Protection — DNS protection and content filter enforcement on your network (with or without a Firebox)
  - To protect your network without a Firebox, go to About DNSWatchGO Protected Networks
  - To protect your network with a Firebox, go to Enable DNSWatch on Your Firebox
- Off-Network Protection — DNS protection and content filter enforcement on portable assets that have the DNSWatchGO Client or the DNSWatchGO Chrome extension installed
  - To install the DNSWatchGO Client, go to Download and Install DNSWatchGO Client
  - To deploy the DNSWatchGO Chrome extension, go to Deploy the DNSWatchGO Chrome Extension
Network Protection
DNSWatch protects your network from malicious sites and phishing attempts. You can also block domains in specific content categories such as alcohol, gambling, and online dating. When your network appliance or Firebox receives a DNS query on a protected network, it uses DNSWatch as the DNS resolver. If the request is to a domain on the Domain Feeds list or filtered domains list, then DNSWatch returns a block page instead of the requested content. If the domain is not on the lists, DNSWatch returns the requested content to the user.
You can also create a content filter policy to block domains by categories. For information about content filter policies, go to Manage User Access to Content in DNSWatch.
Off-Network Protection
DNSWatchGO Client is an application that you install on portable computers that leave your network, such as employee laptops. DNSWatchGO simultaneously forwards DNS requests to the DNSWatch resolvers and the upstream DNS resolvers. DNSWatch resolvers compare the requested domain to the lists of malicious domains in the Domain Feed and to domains in filtered categories.
If the requested domain is not on the known malicious domains list or on the filtered domains list, the request is resolved by the upstream DNS resolvers and the requested content appears.
If the domain is a known threat or filtered content:
- DNSWatchGO Client returns the block page content
- If the requested content links to a malicious domain, DNSWatch gathers more information about the threat
With the DNSWatchGO Chrome extension, you can extend the protection of DNSWatch to provide consistent policy enforcement and security protection when your users leave the safety of your network. Similar to the DNSWatchGO Client on Windows devices, the DNSWatchGO Chrome extension provides DNS-level protection for users with Chrome. When the Chrome browser opens a site, the DNSWatchGO Chrome extension queries the DNSWatch servers to check if the site is malicious.