Hey there @Mike719 ,
I’m gonna ping one of our awesome product experts to help you out here - @coscooper, any ideas?
Thanks! @khumphrey.
Appreciate all assistance. This is the first deployment I am “in charge” of so I want to make sure that there are no glitches.
A little more detail about the current environment:
The firewall currently handles DNS and DHCP.
The DHCP settings are primary DNS is the gateway (firewall) and there is no secondary DNS.
Mike
I have this deployment in place at many clients. There’s nothing you need to do. If they do have a static IP, I’d suggest also plugging in the values for Webroot’s DNS servers into the WAN facing DNS settings. Other than that, there’s no local server or services running, so you should be good to go.
@Mike719 - If you deploy the service on top of your existing webroot endpoint protection agents, there’s nothing else to configure. The service changes the local devices DNS to local loopback and answers all DNS requests through our servers no longer even needing the local DNS. Then, it only uses the local network DNS (Router or AD - or wherever it got its DNS information) for when/if local resource resolution is required. If there’s ever a local non TLD, like workgroup or AD, then it requires an agent bypass to tell the agent to use the local DNS. Otherwise, our (Webroots) DNS service handles the DNS requests.
The only reason to configure the local router would be to provide protection to devices that do not have a Webroot service/agent. For example, IOT devices, mobile devices or a file server where you can’t or do not want to manage an agent, you can configure the local FW NSServers with Webroot IPs. Just configure the WAN IP in the Webroot console first, then edit the NSServers on your router with the IPs from the configuration/network selection in the Webroot admin site management console.
Hope that helps. If you need any specific questions answered, DM me here on the community.
@jhartnerd123 - we must have been typing at the same time. 
