I found this instruction https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891... is great but how do I create the Anti-spyware profile for multiple IPs? I'm hoping I don't have to create one profile for each IP.
Thank you in advance.
@rullyk what do you mean by multiple IPs? The 'fake ip' that your linked document is the DNS sinkhole. That address is going to be fed to any client that requests a malicious URL as determined by the PA firewall; it intercepts the traffic and feeds the 'fake ip' as the DNS response. The sinkhole then can be configured to give you a log of anybody that accessed it so that you can mitigate any possible infections. Are you trying to feed it multiple sinkhole IPs?
The Anti-Spyware profile that you have created should be assigned to your required security policies or assigned to a Security Profile Group that then gets assigned to your security policies.
We have caught 7 'fake ips'. In the instruction, it's only using one set of IP '188.8.131.52' but in our case we also have 184.108.40.206, 220.127.116.11, and so on. How do we put those in the Anti-Spyware profile? Can anything be used to separate one IP from the others?