Filter
Top Products
51-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 51 Configuring Server Access Settings on Firewall Devices
DNS Page
Navigation Path
• (Device view) Select Platform > Device Admin > Server Access > DNS from the Device Policy
selector.
• (Policy view) Select PIX/ASA/FWSM Platform > Device Admin > Server Access > DNS from
the Policy Type selector. Select an existing policy from the Shared Policy selector, or create a new
one.
Related Topics
• Add DNS Server Dialog Box, page 51-16
Field Reference
Table 51-13 DNS Pa ge
Element Description
DNS Server Groups table This table lists the currently defined DNS server groups. Use the Add
Row, Edit Row and Delete Row buttons below the table to manage these
group entries.
The Add Row button opens the Add DNS Server Group dialog box, and
the Edit Row button opens the Edit DNS Server Group dialog box;
except for the titles these dialog boxes are identical. See Add DNS
Server Group Dialog Box, page 51-15 for more information.
DNS Lookup Interfaces Lists the interfaces on which you want to enable DNS lookup. Enter or
Select one or more interfaces or interface roles.
Enable DNS Guard
(ASA/PIX 7.0(5), 7.2(x) and
8.x only)
Check this box to enable DNS Guard for the selected device or shared
policy. DNS Guard tears down the DNS session associated with a DNS
query as soon as the DNS reply is forwarded by the security appliance.
DNS Guard also monitors the message exchange to ensure that the ID
of the DNS reply matches the ID of the DNS query.
This command is effective only on interfaces for which DNS inspection
is disabled. When DNS inspection is enabled, the DNS Guard function
is always performed.
Note In releases prior to 7.0(5), the DNS Guard functions are always
enabled regardless of the configuration of DNS inspection.