I'm pretty sure this isn't a unique to me question. I am trying to enforce my clients to only use umbrella DNS. I've got all of my internal clients and DHCP scopes correctly configured, but I need to be able to block people from using manually configured external DNS servers. The really short version of what I'm looking to do is create a firewall rule to only allow DNS queries to 208.67.222.222 and 208.67.220.220, and on all DNS ports (853 and 53). I'm actually trying to figure out how to create a firewall rule going to a port group. I know how to make the block and allow rules, and I've got the object group made, but do I need to make two separate rules, one per port?
... View more
