How to configure your Firebox with DNSWatch for Friendly WiFi compliance.
WatchGuard is an accredited Friendly WiFi Approved Provider. Customers that use WatchGuard Fireboxes with an active DNSWatch subscription can provide the content filtering required to make sure wireless users cannot access inappropriate content.
WatchGuard DNSWatch monitors DNS requests both on network and off network to prevent connections to known malicious domains. DNSWatch protects against malicious clickjacking and phishing domains regardless of the connection type, protocol, or port. DNSWatch can also block content based on categories. For more information and DNSWatch, see About DNSWatch.
You can use the DNSWatch service on your Firebox with these wireless deployments:
Note: You can also use WatchGuard WebBlocker to configure content filtering for Friendly WiFi compliance. For more information, see: How to configure your Firebox with WebBlocker for Friendly WiFi.
Platform and SoftwareThe hardware and software used to complete the steps outlined in this document include:
How DNSWatch WorksWhen DNSWatch is enabled and your Firebox receives a DNS query from a host on a protected network, it sends the request to DNSWatch. DNSWatch determines whether the domain is a known threat. If a content filter policy is assigned to the Firebox, DNSWatch also determines if a domain is on the content filter list.
If the domain is not a known threat or filtered content, DNSWatch returns the requested content.
If the domain is a known threat:
If the domain is filtered content:
Configure DNSWatch on your FireboxTo enable DNSWatch from Fireware Web UI:
Configure Content FiltersIn addition to DNSWatch protection from malicious domains based on intelligence feeds, you can use DNSWatch policies to block domains in selected content categories on protected networks and devices. The Safe Search option will help filter out explicit content in search results across multiple search engines. You can create multiple policies to meet the needs of your different networks. Each protected network and the DNSWatchGO client can use a different policy. For more information, see Manage User Access to Content.
A content filter policy is required to add the categories necessary for Friendly WiFi compliance.
To configure content filtering policies in DNSWatch:
For Friendly WiFi compliance, make sure you block Adult Material / Pornography type categories as part of your policy.