04-11-2019 11:53 AM
Have 2 HA VMs with 9.0.1
Following this article: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/use-dns-queries-to-ident...
In section 3), how does this need to be configured ((addr.dst in 10.15.0.20) ) when using Palo Alto Networks Sinkhole IP (sinkhole.paloaltonetworks.com) ?
04-11-2019 01:07 PM
Its whatever you configured in your anti-spyware policies.
04-12-2019 01:05 AM
The IP addresses currently are IPv4—sinkhole.paloaltonetworks.com and a loopback address IPv6 address—::1. These address are subject to change and can be updated with content updates.
As per my previous update, in PAN-OS v9.0.1:
06-17-2019 01:24 PM
just use the configured IPV4 dns address
04-10-2020 09:32 AM
The only options available are the loopback or the PAN URL:
There is no IPV4 available for the PAN networks.
04-10-2020 09:37 AM
@Velo-JV in the drop-down, yes
Just type a different IP 🙂
04-10-2020 09:59 AM
Ahh ok got it. Is there a list of available sinkhole IPs that Palo Alto hosts? I am following along their guide "See Infected Hosts that Attempted to Connect to a Malicious Domain" and the report you create needs you to specify a specific IP destination, which has gone away in 9.0.
04-10-2020 10:02 AM - edited 04-10-2020 10:02 AM
The panw hosted one is sinkhole.paloaltonetworks.com, by you can use any IP, preferably something that's not on the internet and not in your network either (unless you have a Honeypot)
04-10-2020 10:03 AM
Got it sounds good. Thanks for the quick response.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!