Configuring DNS proxy through the CLI of the USG2000&5000 series

0

The USG2000&5000 series can serve as the DNS proxy to forward DNS request and reply packets between the DNS client and DNS server.
After the IPv4 DNS proxy function is enabled and the IP address of the DNS server changes, you only need to change the DNS proxy configurations. Therefore, network management is simplified.
1. Run the system-view command to access the system view.
2. Run the dns proxy enable command to enable the IPv4 DNS proxy function.
The IPv4 DNS proxy function is disabled by default.
3. Run the dns server { ip-address | unnumbered interface interface-type interface-number } command to add the DNS server.
4. Optional: Run the dns host source { interface-type interface-number | ip-address } command to specify the source address of the query packet.

Other related questions:
Configuring DNS proxy through the web UI of the USG2000&5000 series
The USG2000&5000 series can serve as the DNS proxy to forward DNS request and reply packets between the DNS client and DNS server. Specify the DNS server address through the web UI so that the device can serve as the DNS proxy to send domain name resolution requests to the DNS server. 1. Choose Network > DNS > DNS. 2. Click Add in DNS Server List. 3. Set the IP address of the DNS server. If you do not select the external network interface, the configured DNS server address is the global address. Enter the IPv4 or IPv6 address of the DNS server in the DNS Server Address text box. Click OK. If you select a specific external network interface, the configured DNS server address is the address bound with the interface and applies only to this interface. If the operation succeeds, the new configuration whose Obtaining Mode is Manual is displayed in DNS Server List. Repeat the preceding operations to add the IPv4 or IPv6 addresses of multiple DNS servers. 4. Optional: In Configure DNS Query Packets' Source Address, set the Source Interface or Source Address. 5. Click Apply .

Restricting the number of overall sessions through the CLI on the USG2000&5000 series
The USG2000&5000 series devices support configuring the number of global sessions through the CLI. For details, see USG2000&5000 Product Document > CLI Configuration Guide > Firewall > Traffic Limiting Policies Configuration.

Configuring DNS proxy through the web UI of the USG6000 series
The USG6000 series can serve as the DNS proxy to forward DNS request and reply packets between the DNS client and DNS server. Specify the DNS server address through the web UI so that the device can serve as the DNS proxy to send domain name resolution requests to the DNS server. 1. Choose Network > DNS > DNS. 2. Click Add in DNS Server List. 3. Set the IP address of the DNS server. If you do not select the external network interface, the configured DNS server address is the global address. Enter the IPv4 or IPv6 address of the DNS server in the DNS Server Address text box. Click OK. If you select a specific external network interface, the configured DNS server address is the address bound with the interface and applies only to this interface. If the operation succeeds, the new configuration whose Obtaining Mode is Manual is displayed in DNS Server List. Repeat the preceding operations to add the IPv4 or IPv6 addresses of multiple DNS servers. 4. Optional: In Configure DNS Query Packets's Source Address, set the Source Interface or Source Address. 5. Click Apply .

Configuring a policy to allow port access through the CLI of the USG2000&5000
On the CLI of the USG2000&5000 series, configure a security policy, set the condition to source port and the action to permit.

Configuring a policy to restrict port access through the CLI of the USG2000&5000
On the CLI of the USG2000&5000 series, configure a security policy, set the condition to source port and the action to deny.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top