https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-sinkhole-rule/m-p/561708#M2026 <P>You don't need dedicated rule for that traffic. If you leave it to default traffic goes to Palo Alto IP and utilizes your default outgoing traffic policy. If you need to run reports of machines connected to that IP you can use sinkhole IP in report filter so dedicated policy would not give much value.</P> Sat, 14 Oct 2023 23:18:59 GMT Raido_Rattameister 2023-10-14T23:18:59Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-sinkhole-rule/m-p/561677#M2025 <P>hi all</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>we are in a dilemma, we have enable dns sinkhole in our anti-spyware profile enable:</P> <P>dns sinkhole &gt; DNS Policies &gt; default-paloalto-dns &gt; sinkhole enable .</P> <P>DNS Sinkhole Setting&gt; IPv4 &gt; X.X.X.X</P> <P>Now, this profile is also added to our security profiles used in all rules , means we have all rules with a DNS policy.</P> <P>&nbsp;</P> <P>our main concern is:&nbsp; Do we need a specific rule at the top of all rules specific for DNS sinkhole? yes or no?&nbsp;</P> <P>&nbsp;</P> <P>thanks all for the possible feedback about it.</P> <P>&nbsp;</P> <P>jose</P> <P>&nbsp;</P> Fri, 13 Oct 2023 17:37:26 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-sinkhole-rule/m-p/561677#M2025 Jose_Espinoza 2023-10-13T17:37:26Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-sinkhole-rule/m-p/561708#M2026 <P>You don't need dedicated rule for that traffic. If you leave it to default traffic goes to Palo Alto IP and utilizes your default outgoing traffic policy. If you need to run reports of machines connected to that IP you can use sinkhole IP in report filter so dedicated policy would not give much value.</P> Sat, 14 Oct 2023 23:18:59 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-sinkhole-rule/m-p/561708#M2026 Raido_Rattameister 2023-10-14T23:18:59Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-sinkhole-rule/m-p/561911#M2027 <P>hello there</P> <P>&nbsp;</P> <P>Thank you for the replay, I have the same thoughts for this.</P> <P>I will work on clean up the rules from fw's .</P> <P>&nbsp;</P> <P>thank you again</P> <P>jose</P> Mon, 16 Oct 2023 18:10:35 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-sinkhole-rule/m-p/561911#M2027 Jose_Espinoza 2023-10-16T18:10:35Z