Configure DNS Sinkhole with multiple IPs


L0 Member

Hello,

I found this instruction https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891... is great, but how do I create the Anti-spyware profile for multiple IPs? I'm hoping I don't have to create one profile for each IP.

Thank you in advance.

2 REPLIES

Cyber Elite

@rullyk what do you mean by multiple IPs? The 'fake ip' in your linked document is the DNS sinkhole. That address is going to be fed to any client that requests a malicious URL as determined by the PA firewall; it intercepts the traffic and feeds the 'fake ip' as the DNS response. The sinkhole can then be configured to give you a log of anybody that accessed it so that you can mitigate any possible infections. Are you trying to feed it multiple sinkhole IPs?

The Anti-Spyware profile that you have created should be assigned to your required security policies or assigned to a Security Profile Group that then gets assigned to your security policies.

We have caught 7 'fake ips'. In the instruction, it's only using one IP, '1.1.1.1', but in our case we also have 2.2.2.2, 3.3.3.3, and so on. How do we put those in the Anti-Spyware profile? Can anything be used to separate one IP from the others?
