DNS license and PAN OS 9.0

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

DNS license and PAN OS 9.0

Cyber Elite
Cyber Elite

 

During Ignite we were told that DNS is coming as license service in PAN OS9.0.

Need to know is this service different from dns sinkhole?

 

IF it is how it is ?

MP

Help the community: Like helpful comments and mark solutions.
3 REPLIES 3

Cyber Elite
Cyber Elite
It's an additional database for DNS sinkhole, but the original ThreatPrevention database is loaded each time a dynamic update is downloaded and installed and is static, while the new DNS Security Service works more like URL filtering as it looks up each DNS request and gets a match from the cloud https://docs.paloaltonetworks.com/dns-security
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Thanks for the useful link.

Does it mean that on PAN OS 8.1 we have limited signatures when i check on antispyware it shows 7650?

On PAN OS 9.0  using DNS license how many we have in cloud any idea?

 

Currently if we are using application as DNS and service as app-default will this protect us with dns tunneling on PAN OS 8.1?

Regards

Mike

MP

Help the community: Like helpful comments and mark solutions.

DNS security doesn't use signatures on the device. It is a cloud service, every DNS query is sent to PA cloud to be checked.

To use it you need the license and PAN-OS 9.0. 

 

DNS with app default doesnt protect you from DNS tunneling because the DNS queries used for it are compatible with the protocol.

  • 2840 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!