Application scenarios of smart DNS on the USG9000

0

If an intranet has a DNS server deployed, you can enable smart DNS on the FW to reply to DNS requests of users from different ISP networks so that the users can obtain the most appropriate addresses (address on the same ISP network as the user). When a user initiates access traffic (data traffic), the most appropriate address is used as the destination address, ensuring that the traffic from the user is forwarded over the ISP network of the user to the intranet Web server that provides services only for this ISP network. In this way, the user's traffic does not have to make a detour on other ISP networks to reach the Web server, ensuring the shortest Web access delay and best service experience.

Other related questions:
Application scenarios of the USG9000 DNS transparent proxy
The DNS transparent proxy function of the firewall can change the destination addresses of certain DNS request packets to the DNS server addresses of other ISPs (such as the DNS server address of ISP2). DNS requests are forwarded to different ISPs, and therefore the web server addresses obtained through resolution belong to different ISPs, and Internet access traffic is forwarded through different ISP links. This helps prevent the issue that a link is congested, whereas other links are idle and ensures that all link resources are fully used.

Application scenarios of GRE features on the USG6000
GRE features are mainly applied in the following scenarios: GRE over IPSec, IPv6 over IPv4 tunnel, expanding the working scope of the network with restricted hops, and GRE VPN.

Application scenarios of the USG6000 DNS transparent proxy
The DNS transparent proxy function of the firewall can change the destination addresses of certain DNS request packets to the DNS server addresses of other ISPs (such as the DNS server address of ISP2). DNS requests are forwarded to different ISPs, and therefore the web server addresses obtained through resolution belong to different ISPs, and Internet access traffic is forwarded through different ISP links. This helps prevent the issue that a link is congested, whereas other links are idle and ensures that all link resources are fully used.

Major application scenarios of SSL VPN on the USG9000 series
The major SSL VPN scenarios include SSL VPN access gateway for remote users and isolation of services of multiple virtual gateways.

Application scenarios where the USG6000 serves as the DNS Client
The firewall serves as the DNS Client and uses DNS to dynamically obtain the IP address corresponding to the domain name for user communications. When the firewall executes the following services, it can serve as the DNS Client to send DNS request packets to the DNS Server. Perform the ping or tracert operation in domain name mode. Access the security center platform in domain name mode to update the signature database. Access the CA server in domain name mode to obtain the certificate online.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top