10-13-2023 10:33 AM - edited 10-13-2023 10:37 AM
hi all
we are in a dilemma, we have enable dns sinkhole in our anti-spyware profile enable:
dns sinkhole > DNS Policies > default-paloalto-dns > sinkhole enable .
DNS Sinkhole Setting> IPv4 > X.X.X.X
Now, this profile is also added to our security profiles used in all rules , means we have all rules with a DNS policy.
our main concern is: Do we need a specific rule at the top of all rules specific for DNS sinkhole? yes or no?
thanks all for the possible feedback about it.
jose
10-14-2023 04:18 PM - edited 10-14-2023 04:18 PM
You don't need dedicated rule for that traffic. If you leave it to default traffic goes to Palo Alto IP and utilizes your default outgoing traffic policy. If you need to run reports of machines connected to that IP you can use sinkhole IP in report filter so dedicated policy would not give much value.
10-14-2023 04:18 PM - edited 10-14-2023 04:18 PM
You don't need dedicated rule for that traffic. If you leave it to default traffic goes to Palo Alto IP and utilizes your default outgoing traffic policy. If you need to run reports of machines connected to that IP you can use sinkhole IP in report filter so dedicated policy would not give much value.
10-16-2023 11:10 AM
hello there
Thank you for the replay, I have the same thoughts for this.
I will work on clean up the rules from fw's .
thank you again
jose
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
