https://live.paloaltonetworks.com/t5/general-topics/about-dns-security/m-p/400169#M91593 <P>The one with "DNS security" in it uses another license and it is not free but provides updates in real time to the DNS signatures&nbsp; (it is something like Wildfire lisense for file attacks) and the other is the free feature that needs manual&nbsp; dynamic updates to update the signatures and it will not provide zero day attack defense&nbsp; (like the antivirus signatures).</P><P>&nbsp;</P><P>If you have many DNS issues and have the money for the extra security then maybe you will want the DNS security:</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/content-inspection-features/dns-security" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/content-inspection-features/dns-security</A></P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/dns-security/about-dns-security.html" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/dns-security/about-dns-security.html</A></P> Mon, 19 Apr 2021 17:01:01 GMT nikoolayy1 2021-04-19T17:01:01Z https://live.paloaltonetworks.com/t5/general-topics/about-dns-security/m-p/399900#M91586 <P>Hello Bros,</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; I my network and my firewall 3220 setup I have a question regarding the DNS security feature.</P><P>If you go through creating an anti-spyware profile, and exactly in the DNS signature what is the difference between DNS signature source "Palo Alto networks content DNS signature sinkhole as an action" and " Palo Alto network DNS security and sinkhole as action"</P><P>what are difference between both sections DNS security protection and from license perspective ?</P> Mon, 19 Apr 2021 13:47:16 GMT https://live.paloaltonetworks.com/t5/general-topics/about-dns-security/m-p/399900#M91586 MRamadanAHafiez 2021-04-19T13:47:16Z https://live.paloaltonetworks.com/t5/general-topics/about-dns-security/m-p/400169#M91593 <P>The one with "DNS security" in it uses another license and it is not free but provides updates in real time to the DNS signatures&nbsp; (it is something like Wildfire lisense for file attacks) and the other is the free feature that needs manual&nbsp; dynamic updates to update the signatures and it will not provide zero day attack defense&nbsp; (like the antivirus signatures).</P><P>&nbsp;</P><P>If you have many DNS issues and have the money for the extra security then maybe you will want the DNS security:</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/content-inspection-features/dns-security" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/content-inspection-features/dns-security</A></P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/dns-security/about-dns-security.html" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/dns-security/about-dns-security.html</A></P> Mon, 19 Apr 2021 17:01:01 GMT https://live.paloaltonetworks.com/t5/general-topics/about-dns-security/m-p/400169#M91593 nikoolayy1 2021-04-19T17:01:01Z https://live.paloaltonetworks.com/t5/general-topics/about-dns-security/m-p/400311#M91597 <P>Hello,</P> <P>DNS security is a big deal with all the threats out there. Here are some things I highly suggest you do:</P> <OL> <LI>Use a secure DNS provider such as OpenDNS, TitanHQ, or Quad9. Even PAN has one now</LI> <LI>Only allow your Domain Controllers or DNS servers to get out for external DNS lookups. Goes along with point 1 above. Everything internal points to your internal DNS/Domain Controllers, and only they can get out to your secure DNS provider.</LI> <LI>Enable all security features you are licensed for and apply them to all external and internal policies, you dont need to do URL filtering internally</LI> <LI>Follow all best practices, etc.</LI> <LI>Keep things simple, and think through them with a diagram.</LI> </OL> <P>Just some pointers.</P> <P>&nbsp;</P> <P>Cheers!</P> Mon, 19 Apr 2021 21:02:40 GMT https://live.paloaltonetworks.com/t5/general-topics/about-dns-security/m-p/400311#M91597 OtakarKlier 2021-04-19T21:02:40Z