How to configure AppGate DNS Forwarder


In certain setup scenarios, like ensuring SaaS accessibility through AppGate, it is advisable to set up AppGate as a DNS forwarder. By configuring AppGate as a DNS forwarder, you enable AppGate gateways to function as DNS resolvers, thereby managing all or specific DNS queries originating from AppGate clients.

Additionally, you can employ a DNS forwarder if you wish to prevent AppGate clients from directly accessing your internal DNS server. In this case, you would configure the DNS forwarder to handle this redirection.

Setting up DNS forwarder

Enable DNS forwarding under site settings



Under DNS server, enter a DNS server that the AppGate gateways can reach. It can be a public or a private DNS server, depending on the use case.
Under Resolved IPs - Allow Destination, remove IPv6 if you don't use it.

Create a DNS Entitlement

Create a DNS entitlement that allows AppGate users to reach the DNS forwarder shown in the picture above.


Ensure that the relevant users are granted this entitlement.

Create an additional entitlement that grants access to users who need to reach resources resolved by the AppGate DNS forwarder. In this scenario, let's consider an AppGate user attempting to access various SaaS applications under the Packnot.com domain, all of which are protected by AppGate.

The domain flag allows resolution of any query that falls under packnot.com.

Configure DNS policy

Lastly, configure the DNS policy as outlined below, and ensure that you attach the DNS entitlement created in step 2.

Ensure that the relevant users are granted this entitlement.

Please note: On mobile devices (iOS and Android), the DNS forwarder is only supported in combination with the "default gateway" feature.