For details on cookie usage on our site, read our Privacy Policy
DNS sinkhole v9.0.1
- LIVEcommunity
- Discussions
- Cloud Delivered Security Services
- Threat & Vulnerability
- DNS sinkhole v9.0.1
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
DNS sinkhole v9.0.1
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-11-2019 11:53 AM
Have 2 HA VMs with 9.0.1
Following this article: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/use-dns-queries-to-ident...
In section 3), how does this need to be configured ((addr.dst in 10.15.0.20) ) when using Palo Alto Networks Sinkhole IP (sinkhole.paloaltonetworks.com) ?
Thanks.
Ho
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-10-2020 09:37 AM
@Velo-JV in the drop-down, yes
Just type a different IP 🙂
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-10-2020 09:59 AM
Ahh ok got it. Is there a list of available sinkhole IPs that Palo Alto hosts? I am following along their guide "See Infected Hosts that Attempted to Connect to a Malicious Domain" and the report you create needs you to specify a specific IP destination, which has gone away in 9.0.
Thank you,
Jonathan
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-10-2020 10:02 AM - edited 04-10-2020 10:02 AM
The panw hosted one is sinkhole.paloaltonetworks.com, by you can use any IP, preferably something that's not on the internet and not in your network either (unless you have a Honeypot)
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-10-2020 10:03 AM
Got it sounds good. Thanks for the quick response.
- DNS Sinkhole in Threat & Vulnerability Discussions
- DNS Security Service interfering with SPAM filter in Threat & Vulnerability Discussions
- Severity High and medium action are getting allow instead of block in Threat & Vulnerability Discussions
- Unable to resolve internal url's after implementing dns security. in Threat & Vulnerability Discussions
- Microsoft URL being DNS sinkholed suddenly? in Threat & Vulnerability Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
