FQDN Analysis gives you visibility into external domains and enables insights into cloud application usage, business-relevant usage, risky user usage, and potentially malicious behavior.
Prerequisites and limitations:
- NSX Edges (management interface) need access to the internet to download category and reputation definitions from VMware Cloud.
- Medium and larger VM form factor edge nodes, or physical edge nodes are supported.
- DNS Server must be north of tier-1 gateway.
- Only north/south internet traffic from workloads deployed behind T1 is analyzed.
Create a Layer 7 DNS rule on the tier-1 gateway to intercept DNS request and response traffic (if one doesn't already exist):
- Navigate to Gateway Firewall and check that you are on the Gateway Specific tab.
- Click Add Policy to create a policy section, and give the section a name.
- Select the check box next to the policy and click Add Rule.
- Configure the following options:
  Name: Provide a name for the rule, such as L7 DNS Rule
  Source: Any or specific group
  Destination: Any or specific group
  Services: DNS-UDP and DNS
  Profiles: DNS context profile
  Applied To: Select all of the tier-1 gateways backed by the NSX Edge cluster where FQDN Analysis is enabled.
  Action: Allow
- Click Publish.
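The same Layer 7 DNS rule expressed as an NSX Policy API payload, so the rule can be created consistently across many tier-1 gateways instead of by hand in the UI. This is an added example, not VMware's own code; it assumes the Policy API endpoint PATCH /policy/api/v1/infra/domains/default/gateway-policies/<id>, the predefined service paths /infra/services/DNS-UDP and /infra/services/DNS, and the predefined context profile /infra/context-profiles/DNS, all of which should be checked against your NSX version.

```python
import base64
import json
import urllib.request

# Assumed predefined NSX objects (verify the paths on your NSX version).
DNS_SERVICES = ["/infra/services/DNS-UDP", "/infra/services/DNS"]
DNS_CONTEXT_PROFILE = "/infra/context-profiles/DNS"


def build_l7_dns_policy(tier1_paths, policy_id="l7-dns-policy"):
    """Return a gateway-policy body matching the rule table above.

    'scope' is the Applied To field: FQDN Analysis only sees the DNS
    traffic this rule intercepts, so every tier-1 gateway behind the edge
    cluster with FQDN Analysis enabled must be listed here.
    """
    if not tier1_paths:
        raise ValueError("rule must be applied to at least one tier-1 gateway")
    rule = {
        "resource_type": "Rule",
        "id": "l7-dns-rule",
        "display_name": "L7 DNS Rule",
        "sequence_number": 1,
        "source_groups": ["ANY"],        # Source: Any
        "destination_groups": ["ANY"],   # Destination: Any
        "services": list(DNS_SERVICES),  # Services: DNS-UDP and DNS
        "profiles": [DNS_CONTEXT_PROFILE],  # Profiles: DNS context profile
        "scope": list(tier1_paths),      # Applied To: the tier-1 gateways
        "action": "ALLOW",
    }
    return {
        "resource_type": "GatewayPolicy",
        "id": policy_id,
        "display_name": "L7 DNS Policy",
        "category": "LocalGatewayRules",  # assumed category for T1 rules
        "rules": [rule],
    }


def publish_policy(manager, user, password, policy):
    """PATCH the policy to NSX Manager (the UI's Publish step). Assumed endpoint."""
    url = f"https://{manager}/policy/api/v1/infra/domains/default/gateway-policies/{policy['id']}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url, data=json.dumps(policy).encode(), method="PATCH",
        headers={"Authorization": f"Basic {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:  # default TLS verification kept
        return resp.status
```

Call `publish_policy("nsx-manager.example.internal", "admin", password, build_l7_dns_policy(["/infra/tier-1s/t1-gw"]))` with your own manager address and tier-1 paths.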
Activate FQDN Analysis
- Turn on FQDN Analysis per gateway and the URL database per corresponding edge cluster by navigating to Gateway Firewall Settings. Once activated, the URL database is downloaded to each cluster member. See
Note: Fetching the URL database version is not supported if a proxy server is activated in your environment. NSX Edges must have a direct internet connection to the VMware NTICS cloud to fetch the URL database version.
- Monitor FQDN analysis on the FQDN Analysis Dashboard.