Introduction to DNS Filter
Most people who use the Internet use domain names. For example, people who access the Fortinet website type www.fortinet.com into their web browser. However, on the Internet, all websites, computers, or devices actually use IP addresses to locate the destination.
The Internet uses DNS (Domain Name System) to translate domain names into IP addresses. For example, when you type www.fortinet.com into your web browser, DNS maps this domain name to Fortinet’s IP address to locate the Fortinet website on the Internet.
If you cannot see DNS Filter under Security Profiles, go to System > Feature Visibility > Security Features section and enable DNS Filter.
DNS primarily uses the UDP protocol on port 53 to serve address resolution requests.
The FortiGate DNS Filter inspects UDP port 53 traffic that traverses the FortiGate and, based on the DNS Filter profile configuration, makes the Allow/Monitor/Block or Redirect decision for the inspected traffic.
FortiGate DNS Filter has the following features:
- FortiGuard Filtering: filtering the DNS request based on the domain’s FortiGuard rating.
- Botnet C&C Domain Blocking: block the DNS request for the known Botnet C&C domains.
- External Dynamic Category Domain Filtering: define your own domain category.
- DNS Safe Search: enforce Google, Bing, and YouTube safe addresses for parental controls.
- Local Domain Filter: define your own domain list to block or allow.
- External IP Block List: define your IP block list to block resolved IPs that match this list.
- DNS Translation: map the resolved result to another IP you define.
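The following added example (not FortiGate code and not part of the original page) sketches how a filter sitting on the UDP port 53 path can extract the query name from a DNS message and apply a local domain filter, an IP block list, and DNS translation. The policy entries, the order of the checks, the parent-domain matching, and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed policy data (hypothetical, documentation-range names and addresses).
DOMAIN_FILTER = {"blocked.example": "block", "watched.example": "monitor"}
IP_BLOCK_LIST = [ipaddress.ip_network("203.0.113.0/24")]
DNS_TRANSLATION = {"198.51.100.10": "192.0.2.10"}

def build_query(name):
    """Build a minimal A-record query; used only to create sample input."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)

def parse_qname(packet):
    """Extract the lower-cased query name from a DNS message payload."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("not a single-question DNS message")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad label length or compression pointer")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length

def domain_action(name):
    """Match the name or any parent domain (parent matching is an assumption)."""
    parts = name.split(".")
    for i in range(len(parts)):
        action = DOMAIN_FILTER.get(".".join(parts[i:]))
        if action:
            return action
    return "allow"

def decide(packet, resolved_ip):
    """Return (action, query name, answer IP handed to the client or None)."""
    name = parse_qname(packet)
    action = domain_action(name)
    if action == "block":
        return ("block", name, None)
    if any(ipaddress.ip_address(resolved_ip) in net for net in IP_BLOCK_LIST):
        return ("block", name, None)
    return (action, name, DNS_TRANSLATION.get(resolved_ip, resolved_ip))
```

Malformed or truncated questions raise `ValueError` instead of being passed through, so a caller can treat an unparseable message as a policy decision of its own.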
Sample topology
The topics in this section use the following sample topology to explain how these DNS Filter features work and how to configure them. In this sample topology, there is an internal network and a FortiGate used as a gateway device, with all DNS traffic traversing the FortiGate.
Hi Mike,
Does FortiGate have an official list of malicious IP addresses as Palo Alto has?
According to this:
https://www.reddit.com/r/fortinet/comments/ble40u/blocking_large_lists_of_ip_addresses_in_fortigate/
it looks as if it is only available in versions 6.2.
Do you know any other option?
Thank you!!