DNS Security

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
Logesh
L1 Bithead

DNS Security

Hi, 

 

We are getting warning message (Warning: No valid DNS Security License) when we commit every time. currently we are using PAN OS 9.0.5. Is it possible to disable this warning message.

 

Regards,

Logesh S.


Accepted Solutions
reaper
L7 Applicator

this means you enabled or changed the action on the 'palo alto networks dns security' option in DNS signatures of one or more of your spyware profiles

 

you should set it to 'allow' with no packetcapture if you do not have a license

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374

View solution in original post


All Replies
kiwi
Community Team Member

Hi @Logesh ,

 

At this time there's no way to suppress warning messages during commit.

 

Fix the warning

Or reach out to your local SE and have him add your vote to the existing feature request there is for this (FR ID: 2689 - Suppress Warnings in Commit)

 

Cheers,

-Kiwi.

 
Logesh
L1 Bithead

Thanks @kiwi, i will check the same.

reaper
L7 Applicator

this means you enabled or changed the action on the 'palo alto networks dns security' option in DNS signatures of one or more of your spyware profiles

 

you should set it to 'allow' with no packetcapture if you do not have a license

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374

View solution in original post

TomYoung
L1 Bithead

You are THE MAN!  This answer should be marked as the solution.  I love clearing all commit errors.  It should be emphasized more in best practices.

mlinsemier
L4 Transporter

Just a quick update on this older topic that under PANOS 10.0.x, the DNS Sec license is now integrated in the policy and you can no longer make this change.  Additionally, you cannot change the built-in default policy either.  The kicker is that my Palo Alto account manager offered to sell me DNS Security licenses to get rid of the error and the TAC Engineer told me that its "cosmetic and just a warning" and to file a feature request through my account manager.  

 

mlinsemier_0-1613595029976.png

 

I love when my security team sends me messages every day asking why where are warnings in Panorama about security policies being committed with warnings.  Hopefully as more of us move towards 10.0.x Palo Alto will do something about this.  It frustrating as this option shouldn't be configurable if we don't have a license.

 

-Matt

crodrigueze
L0 Member

Hi Matt, I have the same in PANOS 10 I deleted that warning deleting all botnet-domains, it works if you don't want use the sinkhole feature.

Tags (1)
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!