Disable DNS lookups for transparent deployments

Article ID: 166095

Products

ProxySG Software - SGOS

Issue/Introduction

 
When a browser is not proxy-aware (transparent proxy deployments), the browser performs DNS lookups.
 
The ProxySG also performs a DNS lookup by default when receiving a transparent request.
 
Usually this is not a problem, but the destination IP address of the client's request can differ from the IP address the proxy resolves for its own request.
 
 
 

Environment

Client machines do not perform DNS queries when they use an explicit proxy configuration, and "trust destination IP" does not help in this scenario.
 

Resolution

The parameter "trust destination IP" controls whether or not the Proxy will do a DNS lookup to handle a request.
 
By default, "trust destination IP" is disabled in the SGOS Proxy Edition.
 
The parameter can be enabled globally through the Management UI or the CLI.
 
To globally change the current trust destination default setting using the GUI:
 
  1. In the Management Console navigate to Configuration > Proxy Settings > General tab.
  2. Click Trust client-provided destination IP when connecting to servers.
  3. Click Apply.

To globally change the current trust destination default setting using the CLI, first enter configuration mode, then:
 
SGOS#(config) general
SGOS#(config general) trust-destination-ip enable
SGOS#(config general)
 
Trust destination IP can also be enabled using the Visual Policy Manager (VPM), to restrict the "trust the destination IP" behavior to a single site or collection of sites.
 
To change the current trust destination default using VPM, choose "trust destination default" under action.
 
 
In the MACH5 Edition, "trust destination IP" is enabled by default.