Test a policy
1 min read
It is common for a misconfigured Gateway policy to accidentally block traffic to benign sites. To ensure a smooth deployment, we recommend testing a simple policy before deploying DNS filtering to your organization.
Test a policy in the browser
- Go to Gateway > Firewall policies.
- Disable all existing DNS policies.
- Re-enable or create a policy to block all security categories:
Selector Operator Value Action Security categories in
All security risks
- Ensure that your browser is not configured to use an alternate DNS resolver. For example, Chrome has a Use secure DNS setting that will cause the browser to send requests to 126.96.36.199 and bypass your DNS policies.
- In the browser, go to
malware.testcategory.com. You should see a generic Gateway block page.
- In Logs > Gateway > DNS, verify that you see the blocked domain.
- Slowly re-enable or add other policies to your configuration.
- When testing against frequently-visited sites, you may need to in your browser or OS. Otherwise, the DNS lookup will return the locally-cached IP address and bypass your DNS policies.
You have now validated DNS filtering on a test device.