...
You can add a custom list to multiple security policies or multiple custom lists to one security policy based on your business needs. When you assign multiple custom lists that contain the same domain name(s) but with different actions to the same security policy, BloxOne Threat Defense Cloud takes actions based on the following order:
- Allow (= Allow but no log)
- Redirect
- Block
- Log (= Allow and log)
BloxOne Threat Defense Cloud automatically creates the following default global policies. If you are concerned about DNS data exfiltration through DNS tunneling, DNSMessenger, Fast Flux, and DGA (including Dictionary DGA), you can add any or all of these policies to the security policy for a allow list or backlist. Note that you cannot modify or delete these default policies.
...