Correct, think about what the client gets when connected to a Proxy. HIPS cannot know more than the client provides, so when using any FQDN / DNS you can check against certain IP Adresses but when the Proxy does only provide his own it does not match. If you use a name HIPS need to let the System make a DNS resolve.
HIPS is not a URL filter.
Hello is there any way how to block specific URL ?
Not within HIPS; try the SiteAdvisor product.
Tried DNS Blocking = not working for me.
Tried specific Rule in FW to block all traffic for remote IP ( IP of website ) + FQDN ( entered what nslookup found )
My assumption is that this is result of proxy settings on our environment that this is being routed via our proxy server thus resulting in different IP being used, however my impression was that HIP should be resolving the IP locally so blocking this even before it wil reach proxy .
DNS Blocking, as well as FQDN blocking and TrustedSource, work when the local client is performing the DNS lookups. In a proxy situation, where your Internet browser is set to a Proxy/PAC server, the local client is typically NOT doing the DNS lookup. The browser request is handed off directly to the Proxy server, which does the DNS lookup. I usually test with Telnet to force a local DNS lookup and connect out to verify if these features (DNS blocking, FQDN firewall rules, and TrustedSource) would block traffic properly.