DNS Resolution for Mobile Users—Explicit Proxy Deployments

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Activation & Onboarding
Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

IP Address Optimization for Explicit Proxy Users- Proxy Deployments

View User to IP Address or User Groups Mappings

DNS Resolution for Mobile Users—Explicit Proxy Deployments

Shows the possible configurations you can use for Prisma Access to resolve DNS queries for Explicit Proxy users.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager) If you'd like to use this feature in your Prisma Access environment, get in touch with your account team to learn more.	Prisma Access license Prisma Access version 5.2.0

Prisma Access allows you to specify DNS servers to resolve both domains that are internal to your organization and external domains. Prisma Access proxies the DNS request based on the configuration of your DNS servers. Explicit Proxy supports the following DNS functionalities:

Using a third-party browser with Explicit Proxy
Using a per-region DNS server with Prisma Access Browser

DNS Proxy for Explicit Proxy configuration takes precedence over internal DNS Servers settings defined underPrisma Access Setup.
After enabling the DNS Proxy for Explicit Proxy, you have to migrate the existing DNS configuration from Prisma Access SetupInternal DNS Servers to WorkflowsPrisma Access SetupExplicit ProxyInfrastructure SettingsDNS Proxy

Configure DNS Settings

To configure DNS Proxy settings, complete the following steps:

Add an Explicit Proxy DNS server rule.
1. Go to WorkflowsPrisma Access SetupExplicit ProxyInfrastructure Settings.
2. Click the settings icon and go to Client DNS.
3. Add Region and give it a unique name.
4. Select a region or location or select Worldwide.
  
  If you specify multiple proxy settings with a mix of Worldwide and theater settings, Prisma Access uses the settings for the location group, then theater, then Worldwide. Prisma Access evaluates the rules from top to bottom in the list.
5. Add the DNS Server's IP address.
Choose whether or not you want Prisma Access to Resolve internal domains; if you do, Add one or more Internal Domain Resolve Rules.
Add and define the Internal Domain Resolve Rules.

Currently, Internal Domain Resolve Rules is only supported for Prisma Access Browser and Agent Proxy.
Add a unique Name for the rule and a custom IP address under Primary DNS and Secondary DNS.
Select Prisma Access Default to use the default Prisma Access DNS server to resolve internal domains. If you want your internal DNS server to only resolve the domains you specify, enter the domains to resolve in the Domain List.
If you have a Custom DNS server that can access your internal domains, specify the Primary DNS and Secondary DNS server IP addresses.
If you want your internal DNS server to only resolve the domains you specify, enter the domains to resolve in the Domain Lists. Specify an asterisk in front of the domain; for example, *.acme.com. Click Save
Push Config to save and push your configuration changes.