DNS Security - AntiSpyWare Profile/DNS Signatures/Policies Security Policy

palomed — Tue, 08 Mar 2022 00:26:10 GMT

Per the steps in the guide, I cloned the default profile and set about to configure

the DNS Signatures tab of the new profile. I believe that I want to sinkhole

both the classic signature (with 100k rules in the firewall) and the

newer DNS Security signature which will query PANs cloud database.

But then to effect these actions I need to add a security policy where Actions/Profiles

references my new Anti-Spyware profile which I named "DNS Security Profile".

For this specific rule, should the Action be Allow? Deny? Drop? Other?

Re: DNS Security - AntiSpyWare Profile/DNS Signatures/Policies Security Policy

LAYER_8 — Tue, 08 Mar 2022 18:57:46 GMT

You've already configured it. In the DNS Security Profile, you set the action to "sinkhole." So when your traffic with that security policy applied, reaches out to a known bad source, the request will get dropped. Even though it may be an allow traffic rule, DNS Security will always run. Trust, but verify.

See more here.

topic DNS Security - AntiSpyWare Profile/DNS Signatures/Policies Security Policy in General Topics

DNS Security - AntiSpyWare Profile/DNS Signatures/Policies Security Policy

Re: DNS Security - AntiSpyWare Profile/DNS Signatures/Policies Security Policy