https://live.paloaltonetworks.com/t5/next-generation-firewall/dns-failover-service/m-p/998070#M5225 <P>We are testing a 3rd party DNS failover service and they need a way to verify if our ISP is up.&nbsp; My thought on this was to allow ping/icmp on our external nic from the vendor's public IP range, however that isn't an option.&nbsp; We could allow http/https but I really hate the idea of opening the administrative access to the public, even if it is just their specific range of IP addresses.&nbsp; We can specify any other TCP or UDP port for them to check but it has to be something the firewall NIC would respond to so the vendor knows it is alive.&nbsp; Would maybe SNMP or Syslog traffic work?&nbsp; Any thoughts or suggestions would be appreciated.&nbsp; Thanks!&nbsp;</P> Thu, 12 Dec 2024 14:04:18 GMT B.Fisher 2024-12-12T14:04:18Z https://live.paloaltonetworks.com/t5/next-generation-firewall/dns-failover-service/m-p/998070#M5225 <P>We are testing a 3rd party DNS failover service and they need a way to verify if our ISP is up.&nbsp; My thought on this was to allow ping/icmp on our external nic from the vendor's public IP range, however that isn't an option.&nbsp; We could allow http/https but I really hate the idea of opening the administrative access to the public, even if it is just their specific range of IP addresses.&nbsp; We can specify any other TCP or UDP port for them to check but it has to be something the firewall NIC would respond to so the vendor knows it is alive.&nbsp; Would maybe SNMP or Syslog traffic work?&nbsp; Any thoughts or suggestions would be appreciated.&nbsp; Thanks!&nbsp;</P> Thu, 12 Dec 2024 14:04:18 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/dns-failover-service/m-p/998070#M5225 B.Fisher 2024-12-12T14:04:18Z