Here are the main steps involved in deploying the agent software for DNS Protection:
- Enable DNS Protection at the Account level
- Enable DNS Protection for the site
- Configure DNS Protection settings
- Create an endpoint policy with DNS Protection enabled
- Apply endpoint policy and DNS Protection policy
1. Enable DNS Protection at the Account level.
From the GSM Console, select the Settings tab then click Subscriptions to check the status of a keycode and current subscriptions.
2. Enable DNS Protection for the site.
Select the Sites tab, then click the Manage button for the site where DNS Protection should be enabled.
3. Click the DNS tab and select the Enable SecureAnywhere DNS checkbox.
4. Set up the default DNS Protection Site policy.
The site will need to have a default DNS Protection policy applied. The DNS Protection policy controls what users can and cannot access and is customized using the DNS tab under the Policies section of the GSM console.
In this example, the DNS High Protection policy has been applied as the default site policy. The default site policy will act as the policy in cases where an endpoint hasn’t had a customized DNS Protection policy applied.
5. Configure DNS Protection to work with an Intranet.
If using Microsoft’s Active Directory (AD) in conjunction with an intranet, enter the local AD domain information (intranet domain) into the Agent Bypass List section. Add one entry for the specific domain and another wild-carded entry. Here is an example using companydomain.local.
6. Create an endpoint policy that has DNS Protection enabled.
Webroot recommends making a copy of the policy that is currently applied to endpoints and using that as the template for a DNS Protection enabled policy. Enable the DNS Protection setting, then save that as the standard policy to use when DNS Protection is to be deployed.
NOTE: If you don’t have an existing policy to copy from, use the pre-configured Recommended DNS Enabled policy to get started.
7. Apply policies.
There are two different policies that need to be applied to an endpoint for DNS to function properly:
- Endpoint Policy -- Has DNS Protection enabled to deploy the agent software.[list]
- Can be controlled at the GSM or Endpoint consoles.
- Default policy configured at DNS Protection setting page will be used if another policy is not applied.
- Can only be controlled at the GSM level.
9. In the Sites and Groups column, locate and expand the site you want to work with.
10. Click the Group where the endpoints reside that will have DNS Protection enabled. In this example, the site is Del DNS and the group selected is Default Group.
11. Select the checkboxes for the endpoints that will be updated and click the Edit Policy button.
12. Do both of the following:
- From the Endpoint Policy drop-down menu, select a policy with DNS enabled.
- From the DNS Protection Policy drop-down menu, select the appropriate DNS Protection Policy for the selected endpoints.
13. Click the Change button to apply the changes.
As endpoints check in and get the updated policy settings, the DNS Protection agent will deploy and start working.