Advanced DNS Security Powered by Precision AI®
Create Domain Exceptions and Allow | Block Lists (NGFW (Managed by PAN-OS or Panorama))
Table of Contents
Create Domain Exceptions and Allow | Block Lists (NGFW (Managed by PAN-OS or Panorama))
PAN-OS 10.0 and later releases provide
an additional option to explicitly add allowable domains through
the Anti-Spyware security profile. You can add domain/FQDN entries
for approved domain sources if they trigger a false-positive response
from DNS Security.
Create Domain Exceptions and Allow | Block Lists (PAN-OS 10.0 and later)
- Log in to the NGFW.Add domain signature exceptions in cases where false-positives occur.
- Select .Select a profile to modify.Add or modify the Anti-Spyware profile from which you want to exclude the threat signature, and select DNS Exceptions.Search for a DNS signature to exclude by entering the name or FQDN.Select the checkbox for each Threat ID of the DNS signature that you want to exclude from enforcement.
![]()
Click OK to save your new or modified Anti-Spyware profile.Add an allow list to specify a list of DNS domains / FQDNs to be explicitly allowed.- Select .Select a profile to modify.Add or modify the Anti-Spyware profile from which you want to exclude the threat signature, and select DNS Exceptions.To Add a new FQDN allow list entry, provide the DNS domain or FQDN location and a description.
![]()
Click OK to save your new or modified Anti-Spyware profile.Create Domain Exceptions and Allow | Block Lists (PAN-OS 9.1)
Allow and block lists are not available in PAN-OS 9.1.- Log in to the NGFW.Add domain signature exceptions in cases where false-positives occur.
- Select .Select a profile to modify.Add or modify the Anti-Spyware profile from which you want to exclude the threat signature, and select DNS Signatures > Exceptions.Search for a DNS signature to exclude by entering the name or FQDN.Select the DNS Threat ID for the DNS signature that you want to exclude from enforcement.
![]()
Click OK to save your new or modified Anti-Spyware profile.
