DNS Resolution for Mobile Users—GlobalProtect Deployments
Learn about DNS resolution for Mobile Users—GlobalProtect
deployments.
Where Can I Use This?
Panorama
What Do I Need?
Prisma Access license
The following section provides examples of how Prisma Access
processes the source IP address of the DNS requests after you configure
DNS resolution for mobile users and for remote networks.
The following figure shows a deployment where you have assigned an internal DNS server to resolve
both internal and external domains. In this case, Prisma Access does not proxy the
DNS requests, and the DNS request is from Mobile User 1’s GlobalProtect client IP
address. The GlobalProtect client assigns this IP address to the mobile user and it is
taken from the mobile user location’s gateway IP address.
The following figure shows the DNS requests for internal domains being resolved by the DNS server
in the headquarters or data center location, while requests for external domains are
resolved by Prisma Access’ Cloud Default DNS server. In this case, Prisma Access
proxies the requests for external domains, and their source IP address is the Prisma Access gateway IP address (15.1.1.1 in this example), while the source IP address of
internal requests remains Mobile User 1’s GlobalProtect client IP address.
The following figure shows the organization using a third-party
or public DNS server accessible through the internet for requests
to external domains. Prisma Access proxies these requests as well.
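The source-address rules for the first two deployments above can be checked against DNS query logs. The following is an added example, not Palo Alto Networks code. The client pool 10.20.0.0/16, the internal suffix corp.example, the deployment labels and the sample records are assumptions constructed for illustration; 15.1.1.1 is the gateway IP address from the example above.

```python
import ipaddress

# Assumptions (not from the page): client pool, internal suffix, deployment labels.
CLIENT_POOL = ipaddress.ip_network("10.20.0.0/16")  # hypothetical GlobalProtect client pool
GATEWAY_IP = ipaddress.ip_address("15.1.1.1")       # gateway IP used in the page's example
INTERNAL_SUFFIX = "corp.example"                    # hypothetical internal domain

def is_internal(qname):
    """True when the query name falls under the internal domain suffix."""
    name = qname.rstrip(".").lower()
    return name == INTERNAL_SUFFIX or name.endswith("." + INTERNAL_SUFFIX)

def classify_source(src):
    """Map a logged source address to 'proxied', 'client' or 'unknown'."""
    ip = ipaddress.ip_address(src)
    if ip == GATEWAY_IP:
        return "proxied"   # Prisma Access proxied the request
    if ip in CLIENT_POOL:
        return "client"    # request carries the user's GlobalProtect client IP
    return "unknown"

def expected_source(deployment, qname):
    """Source the DNS server should see under each deployment on the page."""
    if deployment == "internal-dns-for-all":
        return "client"    # no proxying for internal or external domains
    if deployment == "split-internal-external":
        return "client" if is_internal(qname) else "proxied"
    raise ValueError("unknown deployment: " + deployment)

def audit(deployment, records):
    """Return (src, qname, seen, expected) for every record that breaks the rule."""
    findings = []
    for src, qname in records:
        seen, want = classify_source(src), expected_source(deployment, qname)
        if seen != want:
            findings.append((src, qname, seen, want))
    return findings

# Constructed (source IP, query name) pairs, as a resolver query log would record them.
SAMPLE = [
    ("10.20.3.7", "intranet.corp.example"),
    ("15.1.1.1", "www.example.org"),
    ("10.20.3.7", "www.example.org"),
    ("192.0.2.50", "hr.corp.example."),
]

if __name__ == "__main__":
    for finding in audit("split-internal-external", SAMPLE):
        print(finding)
```

Proxied queries all arrive from the gateway address, so per-user attribution for those requests is not available from the DNS server's source-IP field alone.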