Restricting DNS lookups on the ProxySG
You want to restrict DNS lookup
Resolution
The DNS lookup restriction list is a list of domain names that applies globally, regardless of policy layer definitions. Once a domain name is added to the list, DNS lookup requests do not occur for that domain name while policy is evaluated.
To create or modify the DNS Lookup Restriction list:
From the VPM menu bar, select Configuration > Set DNS Lookup Restrictions; the Set DNS lookup restrictions dialog appears. The default is None; no domain names are restricted.
To restrict every domain name, select All.
To add specific domain names, perform the following steps.
Select Listed Host Patterns. This enables the Host Patterns field.
Click Add; the Add Host Pattern dialog appears.
Enter a domain name; click OK.
Repeat to add other domain names.
Click OK.
Additional Information
DNS restriction suppresses any DNS resolution triggered by policy, e.g. web site categorization, DNS resolution of SAN/CN entries, etc., because many policy gestures rely on DNS.
However, it will not stop DNS resolution for proxy upstream connectivity, since the proxy needs to know how to reach the destination server based on the FQDN from the HTTP request.