Add Internal Domains

You can add destinations to your domains list to route them to your local resolver. DNS queries for destinations found in the domains list bypass the Secure Access DNS resolvers and instead query the local network's DNS servers.

Secure Access populates the domains list with any domains used by your organization to access local resources while on the organization's network (at the physical location or connected through VPN). Internal Domains is pre-populated with the .local TLD and all RFC-1918 (private network) reverse DNS address space.

Note: A Secure Access domains list cannot exceed 5000 entries.



  1. Navigate to End User Connectivity > Internet Security.
  2. For Internet Security bypass, click Add Destination.
  3. Check Resolve with local DNS or Bypass Web Proxy.
  1. For Entity, enter a domain or IP address.
  2. For Description, enter a meaningful description of the destination.
  3. Click the Applies To drop-down list to add sites and devices for this domain. By default, all sites and all devices are selected, but individual sites and devices can be selected but can be deselected. In addition to sites and devices, internal domains apply to the AnyConnect Roaming Security module and the PAC file. "Devices" refers specifically to roaming clients and mobile devices; other types of devices may have other means of rerouting DNS traffic, such as exclusion lists.
  1. Click Save to add the domain to the domains list.

Manage Domains < Add Internal Domains > Manage Resources