- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-10-2022 10:41 AM
Does the sinkhole take precedence over whitelisting? We whitelisted a url and are sinkholing parked categories. I can request to have the category changed, but was not sure which took precedence.
08-12-2022 03:36 AM
Sinkholing is a DNS action. URL filtering works on http/https connections.
When you try to visit a website, you have to resolve the FQDN (www.google.com) first. So DNS query happens first. Only after that a client (browser) knows where to send traffic (a http connection) to.
So whitelisting a URL doesn't help because the DNS query was blocked before there was any http/https connection.
08-11-2022 10:32 PM
Hi @gfleming,
That's an interesting question. Whitelisting a URL and Sinkhole fall under content inspection in the packet flow sequence in PAN-OS. Security profiles are checked through content inspection, but I cannot find a hard answer on which profiles are examined first. My first assumption would be starting at the top and going down.
08-12-2022 03:36 AM
Sinkholing is a DNS action. URL filtering works on http/https connections.
When you try to visit a website, you have to resolve the FQDN (www.google.com) first. So DNS query happens first. Only after that a client (browser) knows where to send traffic (a http connection) to.
So whitelisting a URL doesn't help because the DNS query was blocked before there was any http/https connection.
 
					
				
				
			
		
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!

