Restrict IPv6 DNS query to allow IPv4 only

book

Article ID: 166829

calendar_today

Updated On:

Products

Mobility Threat Protection ProxySG Software - SGOS

Issue/Introduction

Block ProxySG to perform IPv6 DNS query and allow IPv4 policy.  Need to restrict the Proxy to use DNS lookup for IPv4 only.

Resolution

To restrict the Proxy to use IPv4 only, run the following commands from the CLI:

<Forward>
    server_url.dns_lookup (ipv4-only)

<Proxy>
    server_url.dns_lookup (ipv4-only)

 

In addition you can also restrict DNS lookup for specific hosts:

  1. In the Visual Policy Manager (VPM), navigate to Configuration > Set DNS Lookup Restrictions.
  2. Check "None" for DNS lookup restrictions and install the policy.
    This will disable the proxy from performing DNS forward lookups for policy evaluation purposes.
  3. If you want to restrict only a particular URL or domain, check "Listed host patterns".
  4. Click "Add" to add the URL or domain name.