DNS Filtering: Identify URL Reputation and Category During DNS Lookup (Beta)

This feature is experimental for release 6.7. Therefore, it may not work as expected; do not use it in production environments.

The "Enable reputation enforcement on DNS traffic" option is enabled by default on the Advanced tab of each new access control policy. This option slightly modifies URL filtering behavior and is applicable only when URL filtering is enabled and configured.

When this option is enabled:

  • The system evaluates domain category and reputation early in URL transactions, when the browser looks up the domain name to get the IP address.

  • Category and reputation of encrypted traffic can often be determined without decryption.

    If DNS filtering cannot determine the URL of encrypted traffic, that traffic is processed using your configurations for encrypted traffic.

Web traffic that does not match during domain lookup is processed using standard URL filtering. This happens, for example, the first time the system sees a particular URL.