This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

DNS Sinkhole

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

DNS Sinkhole

Go to solution
Doyenadmin
L3 Networker

‎07-13-2022 09:23 AM

Hi guys,

 

I have Threat prevention license in my PA-3200 Series firewall but when i configure dns sinkhole in antispyware I am getting Warning: "No Valid DNS Security License" during commit, do i need to buy DNS license to work with sinkhole feature. 

 

Please suggest.

0 Likes Likes
2 accepted solutions

Accepted Solutions

Go to solution
Doyenadmin
L3 Networker
In response to PavelK

‎07-14-2022 08:05 AM

Hi Pavel,

Pan-os version is 10.1.5-h2, and as per KB article  if i'll use Paloalto Networks content signatures and action as sinkhole - i won't require DNS signature license.

 

and if i will go for DNS security signature, ill be requiring DNS license. 

 

correct me if i am wrong.

 

dns.jpg

View solution in original post

0 Likes Likes

Go to solution
PavelK
Cyber Elite
Cyber Elite

‎07-15-2022 05:36 AM

Thank you for reply @Doyenadmin, your understanding is correct.

 

Help the community: Like helpful comments and mark solutions.

View solution in original post

4 REPLIES 4

Go to solution
PavelK
Cyber Elite
Cyber Elite

‎07-13-2022 03:02 PM

Hello @Doyenadmin

 

for DNS Sinkhole setup, the DNS Security License is not required. The Threat Prevention License is enough to enable this feature.

 

Could you please share a screen of your setup along with PAN-OS version?

 

I would also recommend to have a look into this KB to make sure that it is configured according to best practice: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGECA0

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
(1)

Go to solution
aleksandar.astardzhiev
Cyber Elite
Cyber Elite

‎07-14-2022 01:37 AM

Hi @Doyenadmin 

 

Just to add to @PavelK great answer it is important to point which DNS signature policy you have configured with sinkhole.

Astardzhiev_0-1657787648205.png

As you can see from the documentation "DNS Security" category requires the additional DNS Security license

Astardzhiev_1-1657787722608.png

Trying to use any of the above with action sinkhole or block will require additional license. And this is how it looks on 9.1 versions

Astardzhiev_2-1657787820846.png

 

(1)

Go to solution
Doyenadmin
L3 Networker
In response to PavelK

‎07-14-2022 08:05 AM

Hi Pavel,

Pan-os version is 10.1.5-h2, and as per KB article  if i'll use Paloalto Networks content signatures and action as sinkhole - i won't require DNS signature license.

 

and if i will go for DNS security signature, ill be requiring DNS license. 

 

correct me if i am wrong.

 

dns.jpg

0 Likes Likes

Go to solution
PavelK
Cyber Elite
Cyber Elite

‎07-15-2022 05:36 AM

Thank you for reply @Doyenadmin, your understanding is correct.

 

Help the community: Like helpful comments and mark solutions.
  • 2 accepted solutions
  • 4328 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks