URL Analysis relies on the configuration of a Layer 7 rule to capture the DNS traffic traversing the NSX Edge cluster.

A Layer 7 rule must be configured on all Tier-1 gateways, backed by the NSX Edge cluster for which you want to analyze traffic. The DNS traffic is analyzed to extract the hostname and IP information from the DNS packets. The extracted information is then used to categorize, and score the traffic.

Prerequisites

A medium-sized edge node (or higher), or a physical form factor edge.

Procedure

  1. Navigate to Security > Gateway Firewall and check that you are on the All Shared Rules tab.
  2. Click Add Policy to create a policy section, and give the section a name.
  3. Select the check box next to the policy and click Add Rule.
  4. Configure the following options:
    Option Description
    Name Name of rule.
    Source Any
    Destinations Any
    Services
    • DNS-UDP
    • DNS
    Profiles DNS
    Applied to Select all of the tier-1 gateways backed by the NSX Edge cluster where URL Analysis is enabled.
    Action Allow
  5. Click Publish.