Use Dynamic Objects in DNS Policies

The dynamic attributes connector enables you to configure dynamic filters, seen in the Secure Firewall Management Center as dynamic objects, in DNS rules. For information about DNS policies, see DNS Policies.

A dynamic object is automatically pushed from the dynamic attributes connector to the Secure Firewall Management Center after you create connectors and save a dynamic attributes filter on the connector.

You can use these dynamic objects on the DNS rule's Dynamic Attributes tab page, similarly to the way you use Security Group Tags (SGTs). You can add dynamic objects as source or destination attributes, except for endpoint device type objects, which are source only.

Procedure


Step 1

Click Policies > Access Control heading > DNS and create or edit a DNS policy.

Step 2

Add or edit a rule.

Step 3

Click the Dynamic Attributes tab.

Step 4

In the Dynamic Attributes list, select the objects you want to use, then add them to the source or destination lists as appropriate. Initially, all security group and dynamic objects are listed, but you can uncheck the Security Group option to see dynamic objects only.

Step 5

On the DNS tab, select the appropriate list or feed to match the DNS requests you are targeting.

Step 6

Add other conditions to the rule if desired and set the action.

Step 7

Click Save.