DNS Health Check failing for internal/local DNS server

Article ID: 193870

Products

ProxyAV Software - AVOS
ProxySG Software - SGOS
Reverse Proxy

Issue/Introduction

When Edge SWG (ProxySG) is configured to use an internal/local DNS server that does not have forwarding enabled, the DNS Health Check will fail, making the server unusable. 

Environment

The Edge SWG is configured to use an internal/local DNS server that has neither forwarding enabled nor any DNS records for public domains.

Cause

The Edge SWG DNS Health check sends a DNS query to the configured DNS server for symantec.com or bluecoat.com, depending on the SGOS version.
If the configured DNS server is an internal DNS server with neither forwarding configured nor public records, it will respond with "Host not found" for symantec.com or bluecoat.com, which results in a Health Check failure.

Resolution

To address this issue, configure the DNS Server's Health Check on the Proxy to perform a DNS Health Check on a known Fully Qualified Domain Name (FQDN).

To configure the health check through the Management Console GUI:

  1. Log in to the SGAC.
  2. Go to Administration -> Health Checks & Monitoring -> Health Checks.
  3. Select an internal DNS server from the list and click the hyperlink or the "Edit" icon. This opens the configuration window.
  4. In the Host section, select "Use Host" and enter a known resolvable FQDN for this server (e.g. example.local).
  5. Click Apply and follow the remaining prompts to save the changes.

This will allow the Proxy to query a domain or host that the internal DNS server can resolve in place of the default.
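
Before entering an FQDN in step 4, it helps to confirm that the internal DNS server actually answers for it. The script below is an added example, not Broadcom or SGOS code: it sends an A query for a candidate name to a DNS server and classifies the reply. It assumes that a "resolvable" name means a NOERROR reply with at least one answer record; the server address `192.0.2.53` and the helper names are placeholders.

```python
import random
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(fqdn, txid=None):
    """Build a DNS query for the A record of fqdn (recursion desired)."""
    txid = random.randrange(0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in fqdn.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(query, response):
    """Return (usable, reason); usable means NOERROR with an answer (assumption)."""
    if len(response) < 12:
        return False, "truncated reply"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return False, "not a reply to this query"
    rcode = flags & 0x000F
    if rcode != 0:  # NXDOMAIN is what resolvers report as "Host not found"
        return False, RCODES.get(rcode, "RCODE %d" % rcode)
    if ancount == 0:
        return False, "NOERROR but no answer records"
    return True, "NOERROR, %d answer(s)" % ancount

def check_candidate(server_ip, fqdn, timeout=3.0):
    """Query server_ip over UDP/53 and classify the reply for fqdn."""
    query = build_query(fqdn)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server_ip, 53))
            response, _ = s.recvfrom(4096)
        except OSError as exc:  # timeout, unreachable, etc.
            return False, "no reply: %s" % exc
    return classify_response(query, response)

def sample_reply(query, rcode, ancount):
    """Constructed reply for offline checks: echoes the question, sets RCODE."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, ancount, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([10, 0, 0, 5])
    return header + query[12:] + answer * ancount

if __name__ == "__main__":
    # 192.0.2.53 is a placeholder; use the internal DNS server's address.
    print(check_candidate("192.0.2.53", "example.local"))
```

A result of `(False, 'NXDOMAIN')` for a candidate name means the internal server would give the same negative answer to a health check configured with that host, so pick a name that returns `True`.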