How to Create Exception Policies for DNS Filtering

You can create domain-level block or allow exceptions to the policies you have already defined (as described in How to Configure DNS Filtering and Policies).  For example, you might want to block the category Finance and Investment for your organization, but allow specific bank and brokerage domains so your finance department can do company business. 

1. Go to the DNS FILTERING page.

2. In the OUTBOUND IP ADDRESS column, locate the network for which you want to update policies, then click EXCEPTIONS .    

      

3. Select Allow Traffic or Block Traffic, and then enter the domain or subdomain name in the format shown in the table. Do not use wildcards ('*'), or include protocols, such as http:// or https://. Note that the '*' wildcard is built-in. So, for example, if you enter mydomain.com, all subdomains (users.mydomain.com, etc.) will be included. Likewise, if you add a subdomain, all TLDs will be included.

   Domains and subdomains: All subdomains of the domain you enter are automatically included; in other words, subdomains inherit policies applied for a domain, UNLESS you create an exception. If you want to create an exception for a particular subdomain, you must specify that subdomain explicitly. For example, if you create a Block Traffic exception for google.com, all subdomains are included and blocked. If you want to allow subdomain mail.google.com, create an Allow Traffic exception for the subdomain mail.google.com. Here are more examples of how exceptions work with domains and subdomains:

4. Click ADD DOMAIN.

5. Click Save.

To remove an exception, click the Remove icon () in the table.