The following section provides examples of how

Prisma Access

processes the source IP address of the DNS requests after you configure DNS resolution for mobile users and for remote networks.

The following figure show a deployment where you have assigned an internal DNS server to resolve both internal and external domains. In this case,

Prisma Access

does not proxy the DNS requests, and the DNS request is from Mobile User 1’s GlobalProtect client IP address. The GlobalProtect client assigns this IP address to the mobile user and it is taken from the mobile user location’s gateway IP address.

The following figure shows the DNS requests for internal domains being resolved by the DNS server in the headquarters or data center location, while requests for external domains are resolved by Prisma Access’ Cloud Default DNS server. In this case,

Prisma Access

proxies the requests for the external request, and the source IP address is the mobile user location’s gateway IP address (15.1.1.1 in this example), while the internal source IP remains as Mobile User 1’s GlobalProtect client IP address.

The following figure shows the organization using a third-party or public DNS server accessible through the internet for requests to external domains.

Prisma Access

proxies these requests as well.