How do I configure Wi-Fi Cloud to use the DNSWatchGO protected networks service?
IntroductionWatchGuard DNSWatch is a cloud-based service that protects your network from malicious sites and phishing attempts. You can also block domains in specific content categories such as alcohol, gambling, and pornography. For more information about the DNSWatch service, see About DNSWatch.
You do not need a WatchGuard Firebox to protect your Wi-Fi Cloud network with WatchGuard DNSWatch. Layering DNSWatch protections onto your AP’s is easy with DNSWatchGO.
With DNSWatchGO Protected Networks, you can configure your network to use DNSWatch as your DNS server to block malicious sites and domains based on content. DNSWatch evaluates your DNS traffic sent to your Wi-Fi Cloud access points from wireless clients, and denies any requests to known malicious or filtered domains.
For DNSWatchGO licensing, use your expected user count for the network, generally no more than the maximum number of concurrent users per AP radio for your AP device model (For example, 20-40 users). Simply purchase and activate an equivalent number of users and register your AP’s as Protected Networks. There is a 10% buffer for protected network user counts in the event you have a slightly higher user count than expected.
Note: If you do use Wi-Fi Cloud with a Firebox in your deployment, see WatchGuard DNSWatch Integration with Wi-Fi Cloud and a Firebox for configuration instructions on how to integrate Wi-Fi Cloud with DNSWatch with a Firebox.
Configure DNSWatchGO Protected NetworksTo configure protected networks with DNSWatch:
Note: If you want your Wi-Fi Cloud network to meet Friendly WiFi compliance, make sure you block Adult Material / Pornography type categories as part of your policy.
DNSWatch DNS ServersWatchGuard hosts DNSWatch DNS servers in these regions:
Configure Firewall Rules on an SSID for DNSWatch in Wi-Fi Cloud DiscoverYou can use Wi-Fi Cloud Discover to configure firewall rules on an SSID to force the use of DNSWatch content filtering servers for your wireless clients.
You must also make sure that the DNSWatch servers you select are defined in your network's DHCP configuration as the DNS server assigned to wireless clients.
To configure firewall rules on an SSID to force DNS queries to use DNSWatch: