Configure DNS Sinkhole with multiple IPs

Reply
Highlighted
L0 Member

Configure DNS Sinkhole with multiple IPs

Hello,

 

I found this instruction https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891... is great but how do I create the Anti-spyware profile for multiple IPs?  I'm hoping I don't have to create one profile for each IP.

 

Thank you in advance.

Tags (2)
L7 Applicator

Re: Configure DNS Sinkhole with multiple IPs

@rullyk what do you mean by multiple IPs? The 'fake ip' that your linked document is the DNS sinkhole. That address is going to be fed to any client that requests a malicious URL as determined by the PA firwall; it intercepts the traffic and feeds the 'fake ip' as the DNS response. The sinkhole then can be configured to give you a log of anybody that accessed it so that you can mitigate any possible infections. Are you trying to feed it multiple sinkhole IPs?

 

The Anti-Spyware profile that you have created should be assigned to your required security policies or assigned to a Security Profile Group that then gets assigned to your security policies.  

L0 Member

Re: Configure DNS Sinkhole with multiple IPs

We have caught 7 'fake ips'.  In the instruction, it's only using one set of IP '1.1.1.1' but in our case we also have 2.2.2.2, 3.3.3.3, and so on.  How do we put those in the Anti-Spyware profile?  Anything can be used to separate one IP from the others?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!