DNS Assured Forwarding (DAF) is a specialized firewall that blocks traffic to destinations that are not resolved by trusted DNS servers. You can configure a list of trusted DNS servers, so DNS traffic to these DNS servers and DNS requests resolved by these DNS servers would not be blocked when you enable DAF. Trusted DNS servers are local IP addresses in Service Edge, DNS servers running outside of Service Edge, any on-prem hosts running DNS service, DNS servers in NIOS, or the local domain list configured for the DNS forwarding proxy.. For more information, see DNS Assured Forwarding.
A DAF policy consists of multiple DAF rules you have configured. When you group a set of DAF rules into a DAF policy, you create a portfolio of DAF rules that you use to block certain traffic to certain destinations that are not resolved by trusted DNS servers.
The DAF Policies page of the Cloud Services Portal displays the following information for each policy:
NAME: The name of the DAF policy.
DESCRIPTION: The description of the policy.
RULES: The number of DAF rules in this DAF policy.
You can do the following on the DAF Policies page:
View the Priority, Rules, and other details of a policy: Select the policy and view its details in the panel on the right or by clicking .
Clone a policy: Select the checkbox of the policy you want to clone, and then click Clone > edit the cloned policy details.
Modify a policy: Select the checkbox of the policy you want to edit, and then click Edit.
Remove a policy: Select the checkbox of the policy you want to delete, and then click Remove.
Search for policies by keyword: In the Search text box, enter the keyword that you want to search on. The application displays the policies that match the keyword.