Juniper Advanced Threat Prevention Cloud (ATP Cloud)

DoT support with SSL forward proxy (SRX Series Firewalls and vSRX Series Firewall)—Use DNS over TLS (DoT) with SSL forward proxy to decrypt the DNS traffic. Use DNS filtering, domain generation algorithm (DGA) detection, and DNS tunneling detection to filter malicious domains, enhancing threat detection and privacy. To leverage DNS security with DoT, configure SSL proxy profile, manage certificates, and set up security policies. You can monitor traffic by using the DNS statistics commands.

[See show services security-intelligence dns-statistics, Enable DNS SecIntel Detection, Enable DNS DGA Detection, Enable DNS Tunnel Detection, Configure DNS Sinkhole and Configuring SSL Proxy.]