Advanced DNS Security Powered by Precision AI®
Bypass DNS Security Subscriptions Services (NGFW (Managed by PAN-OS or Panorama))
Table of Contents
Bypass DNS Security Subscriptions Services (NGFW (Managed by PAN-OS or Panorama))
PAN-OS 10.0 and later supports individually
configurable DNS signature sources, which enables you to define
separate policy actions as well as a log severity level for a given
signature source. This requires you to configure both the policy
action and the log severity for each available DNS signature source
to bypass DNS Security. Additionally, you must also remove the DNS
exceptions entries for the DNS Security to be fully bypassed. On
PAN-OS 9.1, you can simply set the policy action for Palo Alto Networks
DNS Security to an action of allow.
Bypass DNS Security Subscriptions Services (PAN-OS 10.0 and later)
- Log in to the NGFW.Configure the DNS Security signature policy settings to bypass DNS Security queries.
- Select ObjectsSecurity ProfilesAnti-Spyware.Select the profile containing your active DNS Security policy settings.Select the DNS Policies tab.For each DNS category, set the log severity to none, the policy action to allow, and packet capture to disable. In the following, the DNS Security categories have been configured to bypass DNS Security queries.Select DNS Exceptions and remove all DNS Domain/FQDN Allow List entries.Click OK to save the Anti-Spyware profile.
Bypass DNS Security Subscriptions Services (PAN-OS 9.1)
- Log in to the NGFW.Configure DNS Security signature policy settings to bypass DNS Security look-ups.
- Select ObjectsSecurity ProfilesAnti-Spyware.Select the profile containing your active DNS Security policy settings.Select the DNS Signatures tab.Under Policies & Settings, set the policy action for Palo Alto Networks DNS Security to an action of allow.Click OK to save the Anti-Spyware profile.