DNS for Prisma Access

Learn about DNS for Prisma Access.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
What Do I Need?
  • Prisma Access license
Prisma Access allows you to specify DNS servers to resolve both domains that are internal to your organization and external domains. Do this to provide access to services on your corporate network, such as LDAP and DNS servers, especially if you plan to set up service connections to provide access to these types of resources at HQ or in data centers. Prisma Access supports DNS resolution for GlobalProtect mobile user and remote network deployments. DNS queries for domains in the Internal Domain List are sent to your local DNS servers to ensure that resources are available to Prisma Access remote network users and mobile users.
These settings only apply for internal DNS resolution in the Prisma Access infrastructure. See the procedures in this section for more information.

DNS for Prisma Access (Strata Cloud Manager)

Enable Prisma Access to resolve both internal and public domains. You can choose to use Prisma Access DNS or let Prisma Access leverage your organization’s DNS setup.
Here’s how to set up Prisma Access to resolve internal domains in the Prisma Access infrastructure for mobile user deployments and remote network sites.
These settings only apply for internal DNS resolution in the Prisma Access infrastructure (for example, internal FQDNs that you use in policies). To specify internal DNS resolution for GlobalProtect mobile users, go to Configuration > NGFW and Prisma Access > Configuration Scope > Prisma Access > GlobalProtect > Infrastructure > Infrastructure Settings > Resolve Internal Domains.
  1. Select Configuration > NGFW and Prisma Access > Configuration Scope > Prisma Access > Prisma Access Infrastructure and Add Internal DNS Servers.
  2. Enter the primary DNS server and secondary DNS server that Prisma Access should use to resolve the internal domain names.
  3. Add the internal domain names to send to these DNS servers for resolution.
    You can use a wildcard (*) in front of the domains in the domain list, for example *.acme.local or *.acme.com.

DNS for Prisma Access (Panorama)

Prisma Access allows you to specify DNS servers to resolve both domains that are internal to your organization and external domains.
Set up Prisma Access to resolve internal domains in the Prisma Access infrastructure.
These settings only apply for internal DNS resolution in the Prisma Access infrastructure (for example, internal FQDNs that you use in policies). To specify internal DNS resolution for GlobalProtect mobile users, go to Panorama > Cloud Services > Configuration > Mobile Users—GlobalProtect > Network Services > Internal Domains.
  1. Select Panorama > Cloud Services > Configuration > Service Setup and click the gear icon to edit the Settings.
  2. Select the Internal Domain List tab.
  3. Add the Domain Names, Primary DNS, and Secondary DNS servers that you want Prisma Access to use to resolve your internal domain names.
    You can use a wildcard (*) in front of the domains in the domain list; for example *.acme.local or *.acme.com.
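
The following is an added example, not Palo Alto Networks code: a pre-flight check for a planned Internal Domain List (either procedure above) that rejects misplaced wildcards, flags entries broad enough to send public lookups to your internal DNS servers, and previews which queries would match. The function names are hypothetical, and the matching rule (a leading wildcard matches names below the base domain on a label boundary, not the base itself) is an assumption modeled on standard DNS wildcard behavior; confirm it against your deployment.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def check_entry(entry):
    """Return a list of problems found in one Internal Domain List entry."""
    name = entry.strip().lower().rstrip(".")
    labels = name.split(".")
    problems = []
    # The page allows a wildcard only in front of the domain.
    if "*" in name[1:] or (name.startswith("*") and not name.startswith("*.")):
        problems.append("wildcard is only allowed as the leading label")
    base = labels[1:] if labels[0] == "*" else labels
    if not base or not all(LABEL.match(label) for label in base):
        problems.append("invalid domain name")
    elif labels[0] == "*" and len(base) < 2:
        # Would forward every name under that TLD to the internal servers.
        problems.append("wildcard covers an entire top-level domain")
    return problems

def matches(entry, fqdn):
    """Assumed semantics: '*.base' matches any name below base, not base."""
    entry = entry.strip().lower().rstrip(".")
    fqdn = fqdn.strip().lower().rstrip(".")
    if entry.startswith("*."):
        # Keep the leading dot so 'notacme.com' cannot match '*.acme.com'.
        return fqdn.endswith(entry[1:])
    return fqdn == entry

def route(domain_list, fqdn):
    """Return 'internal' if any entry matches the query, else 'default'."""
    return "internal" if any(matches(e, fqdn) for e in domain_list) else "default"

# Constructed sample list: the page's example domains plus two bad entries.
PLANNED = ["*.acme.local", "*.acme.com", "*.com", "acme.*.local"]

if __name__ == "__main__":
    for entry in PLANNED:
        print(entry, "->", check_entry(entry) or "ok")
    usable = [e for e in PLANNED if not check_entry(e)]
    for query in ["ldap.hq.acme.local", "acme.local", "notacme.com"]:
        print(query, "->", route(usable, query))
```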