Application scenarios where the USG6000 serves as the DNS Client


The firewall serves as the DNS Client and uses DNS to dynamically obtain the IP address corresponding to the domain name for user communications.
When the firewall executes the following services, it can serve as the DNS Client to send DNS request packets to the DNS Server.
Perform the ping or tracert operation in domain name mode.
Access the security center platform in domain name mode to update the signature database.
Access the CA server in domain name mode to obtain the certificate online.

Other related questions:
Application scenarios for the USG6000 served as a DHCP server
When the USG6000 serves as a DHCP server, the typical application scenarios are as follows: ?The DHCP client and the DHCP server are in the same network segment: The firewall serves as the DHCP server that is connected to the DHCP client through the L2 switch (or hub). ?The DHCP client and the DHCP server are in different network segments: The DHCP server needs to cooperate with a DHCP relay to dynamically allocate IP addresses in different network segments.

Typical applications for the USG6000 served as a DHCP relay
The USG6000 DHCP client and DHCP server are in different network segments. The DHCP relay is deployed in the network segment where the DHCP client resides. The DHCP client can communicate with the DHCP server over the DHCP relay and obtain configuration information such as IP address from the DHCP server.

Application scenarios of the USG6000 DNS transparent proxy
The DNS transparent proxy function of the firewall can change the destination addresses of certain DNS request packets to the DNS server addresses of other ISPs (such as the DNS server address of ISP2). DNS requests are forwarded to different ISPs, and therefore the web server addresses obtained through resolution belong to different ISPs, and Internet access traffic is forwarded through different ISP links. This helps prevent the issue that a link is congested, whereas other links are idle and ensures that all link resources are fully used.

Application scenarios of smart DNS on the USG9000
If an intranet has a DNS server deployed, you can enable smart DNS on the FW to reply to DNS requests of users from different ISP networks so that the users can obtain the most appropriate addresses (address on the same ISP network as the user). When a user initiates access traffic (data traffic), the most appropriate address is used as the destination address, ensuring that the traffic from the user is forwarded over the ISP network of the user to the intranet Web server that provides services only for this ISP network. In this way, the user's traffic does not have to make a detour on other ISP networks to reach the Web server, ensuring the shortest Web access delay and best service experience.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top