04-07-2020 01:49 AM
Guys,
I wanna achieve DNS proxy, wherein my requirement is as follows:
1. I wanna use my internet browsing PCs to use Palo Alto defined DNS, which will use our ADSL 100 Mbps connection for browsing.
2. Secondly, my other critical PCs will use DNS from the existing AD and use the leased line internet for server access and mission-critical tasks.
I feel I can achieve this via the DNS proxy feature in PAN, but I am a little confused about how to go about it.
Appreciate the help.
04-15-2020 11:46 PM
Yes, I added both DNS proxy rules and static entries.
But inside the static entry page, the address that needs to be mentioned for an FQDN is only taking (172.X.X.X), NOT (172.X.X.X:8888).
I wanna achieve the latter part of this.
04-16-2020 12:42 AM
Why do you want to add a port? It will only accept an IP address, not a port.
Mayur
04-16-2020 12:50 AM
Because there are servers internally which are running on different services.
Otherwise all is working fine, but I cannot move forward if other teams are not able to access these servers for their activity.
04-16-2020 01:17 AM
You can't add a port in this setting; the firewall will not allow you to configure that.
Also, your requirement should be fulfilled without adding a port. If you are using a DNS proxy rule, you just add the DNS server IP against the internal URL. And under static entries, you just need to mention the URL against its associated IP. For this, it is not required to configure a service port; it should work properly.
Mayur
04-16-2020 01:30 AM
Yes, you are right.
Because what we understand is that the DNS proxy is doing its job by resolving the URLs to the IPs configured in the DNS proxy.
About the port issue, I believe it is out of this topic.
04-16-2020 02:23 AM
@Mayur,
The issue is resolved; the IP with port is now accessible as we wanted to achieve.
What we found is that on the PAN policy the application tab was set as "application-default"; as soon as we made it "Any", it worked with different ports as well.
So the issue is RESOLVED 🙂
Thanks for your help, you made me stick to the topic 😛
04-16-2020 03:05 AM
That's great! Can you please mark this question as solved?
Mayur