To change the default behavior in SGOS 220.127.116.11 and later, and in SGOS 18.104.22.168 and later, and restore RDNS lookups, perform one of the following:
1) To re-enable RDNS lookups globally, from the CLI of the proxy:
#(config) policy restrict-rdns none
2) To restrict RDNS globally except for a specified list, through the VPM, do the following:
In the VPM, click the Configuration link in the top toolbar > Set Reverse DNS Lookup Restrictions. The top box MUST be set to ALL Restrictions (to keep restricting RDNS lookups). Then set the bottom box to Listed Subnets and add the subnets on which to perform RDNS (these become the exceptions to the restriction).
3) To restrict RDNS globally except for a specified list, using CPL, add the following policy to the local CPL file:
<list of IP addresses or subnets>
When installing the policy above, you will see the warning:
Warning: Restriction has no effect - restrictions missing or overridden: 'rdns'
This warning means that either the CPL did not contain the "all" keyword needed to keep restricting all RDNS lookups, or the top box in the VPM configuration was not set to "all" to keep the RDNS restriction set to "all".
It also means that RDNS is no longer restricted and the ProxySG will perform RDNS lookups for all hosts.
Even though the global default of the ProxySG is to restrict all RDNS, any policy that makes exceptions must itself explicitly restrict all, because setting RDNS in policy overrides all global RDNS decisions.
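
Because a policy that omits "all" still installs and only emits a warning, a change pipeline can check captured policy-install output for that warning before accepting the change. The following is an added example, not code from the vendor or this article. The function names and the sample output lines marked "(constructed)" are assumptions; only the warning text is taken from this page.

```python
import re

# Warning text exactly as quoted on this page. The quoted restriction name
# ('rdns') is captured; matching other names the same way is an assumption.
WARNING_RE = re.compile(
    r"Warning: Restriction has no effect - restrictions missing or "
    r"overridden: '(?P<name>[^']+)'"
)


def overridden_restrictions(install_output: str) -> list[str]:
    """Return restriction names the install output reports as having no effect."""
    names = []
    for line in install_output.splitlines():
        match = WARNING_RE.search(line)
        if match and match.group("name") not in names:
            names.append(match.group("name"))
    return names


def rdns_fails_open(install_output: str) -> bool:
    """True when the installed policy left RDNS unrestricted for all hosts."""
    return "rdns" in overridden_restrictions(install_output)


# Constructed sample output: only the warning line comes from the page.
SAMPLE_BAD = """\
(constructed) installing local policy file
Warning: Restriction has no effect - restrictions missing or overridden: 'rdns'
(constructed) policy installed
"""
SAMPLE_GOOD = """\
(constructed) installing local policy file
(constructed) policy installed
"""

if __name__ == "__main__":
    for label, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        status = "RDNS UNRESTRICTED" if rdns_fails_open(text) else "ok"
        print(f"{label}: {status} {overridden_restrictions(text)}")
```
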