SA520 LAN configuration - Enable DNS Proxy?

Unanswered Question
Dec 9th, 2009

Enable DNS Proxy is checked by default in the SA520 IPv4 LAN Configuration screen under "LAN Proxies".  Can someone advise me as to whether this needs to be enabled or what it does.  I don't fully understand the explanation in the user guide (see below):

From the user guide:

"In the LAN Proxies section, specify the proxy settings:

Enable DNS Proxy: Check this box to allow the security appliance to act as a proxy for all DNS requests and to communicate with the DNS servers of the ISP. When this feature is disabled, all DHCP clients receive the DNS IP addresses of the ISP."

My network only has about 15 users and the SA520 is acting as the DHCP server.  We've been having sporadic problems accessing the Internet ever since the SA520 was installed.  Sometimes people get the "page cannot be displayed" and/or "diagnose connection" when they try to browse the Internet.  Sometimes they have to try the same page 6 times to get it to open.  I have updated the firmware to the latest version 1.0.39, and I noticed the "Enable DNS Proxy" setting when I was reconfiguring the SA520 (because this firmware upgrade resets the box to factory defaults), and I was unsure about what this setting is really for.  I don't know if this setting has anything to do with the problems we've been having, but if someone could elaborate on the purpose of enabling DNS proxy that would be helpful.

Thanks,  Adam V.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Steven Smith Wed, 12/09/2009 - 11:59

This means that the DNS server of your clients is always going to be the SA500.  The SA500 will then forward the request to the DNS servers it received VIA DHCP or static IP assignment.  If this is not enabled, you will need to specify what you want the DNS server to be.

For most systems, having the DNS proxy will work fine.  If you are running and active directory domain or something else that requires a different DNS server, you might want to change this.

jvandendungen Mon, 01/18/2010 - 10:52


I have the SA520W installed, and have the same problem, resolving issues. tried to use the SA as dns proxy or the AD one in my network, not getting it fixed.

I installed firmware 1.0.39


Jan van den Dungen

Message was edited by: jvandendungen Fixed in later firmware, installed 1.1.21. Regards, Jan

Steven Smith Tue, 01/19/2010 - 08:59

The 1.1.21 code does have some DNS fixes in it, which is likely the problem you were seeing.  I am happy that resolved it for you.


This Discussion