NIOS-X with DFP and Infoblox Endpoint can honour “Allow - Local Resolution” for Application Custom List on Security Policy. DFP MUST have a fallback resolver configured. This is because the list of applications isn't put into the DNS config file but the DFP config file and the DFP can't send the query back to the DNS server. So to honour “Allow - Local Resolution”, the DFP must have a DNS server it can forward to (i.e. the fallback resolver)
Infoblox Endpoint can also honour this setting.
NIOS cannot honour this setting and ignores it.
DoH cannot honour this setting and ignores it.
External Networks cannot honour this setting and ignores it.
Note: When you configure a rule in a security policy for an application based custom filter with action set to “Allow - Local Resolution”, then its position in the security policy makes no different when it is implemented by NIOS-X and/or Infoblox Endpoint. This is because NIOS-X and Endpoint will apply the “Local Resolution” policy locally before the query can reach the cloud based security policy. Any application “block” action will only apply that action once it reaches the cloud. There is no “Block Locally” option because anything that isn't explicitly told to resolve locally will go to cloud.
Infoblox Threat Defense (cloud) can identify application usage. You can find out the exact domains but configuring “Allow - Local Resolution” for an application custom list in a security policy, apply to an endpoint and then look at the corefile.4 config.
0.facebook.com api.facebook.com apps.facebook.com b-api.facebook.com channel.facebook.com chat.facebook.com edge-chat.facebook.com gateway.facebook.com graph.facebook.com lookaside.fbsbx.com m.facebook.com mqtt.facebook.com mqtt.t.facebook.com orcart.facebook.com pixel.facebook.com s-static.ak.facebook.com star-mini.c10r.facebook.com star.c10r.facebook.com star.facebook.com static.ak.facebook.com touch.facebook.com upload.facebook.com vupload2.facebook.com vupload2.t.facebook.com web-chat-e2ee.facebook.com
appsforoffice.microsoft.com.edgekey.net attachments.office.net consumer-licensing-aks2aks.md.mp.microsoft.com.akadns.net cxcs.microsoft.net.edgekey.net displaycatalog-rp.md.mp.microsoft.com.akadns.net docs.microsoft.com-c.edgekey.net docs.microsoft.com-c.edgekey.net.globalredir.akadns.net download.microsoft.com.edgekey.net fe2.update.msft.com.trafficmanager.net fe2cr.update.msft.com.trafficmanager.net fs-wildcard.microsoft.com.edgekey.net fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net geover.prod.do.dsp.mp.microsoft.com.edgekey.net go.microsoft.com.edgekey.net login.microsoftonline.com privacy.microsoft.com.edgekey.net prod-video-cms-rt-microsoft-com.akamaized.net prod.configsvc1.live.com.akadns.net prod.fs.microsoft.com.akadns.net prod.mrodevicemgr.live.com.akadns.net prod.nexusrules.live.com.akadns.net prod.ocws1.live.com.akadns.net prod.odcsm1.live.com.akadns.net prod.ols.live.com.akadns.net prod.omexmessaginglfb.live.com.akadns.net prod.pptsgs.live.com.akadns.net prod.roaming1.live.com.akadns.net prodstack.support.microsoft.com.edgekey.net purchase.md.mp.microsoft.com.akadns.net r1.res.office365.com r3.res.office365.com r4.res.office365.com smtp.office365.com statics-marketingsites-wcus-ms-com.akamaized.net storecatalogrevocation.storequality.microsoft.com.edgekey.net www.icloud.com-v1.edgekey.net www.microsoft.com-c-3.edgekey.net www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
deepseek.com