Prisma Access

  1. Use the credentials associated with your Palo Alto Networks support account and log in to the Prisma Access application on the hub.
  2. Enable DNS Security is configured to inspect DNS requests. You can use your existing security profile if you want to use the same
    DNS Policies
    settings for DNS-over-TLS traffic.
  3. Create a decryption policy rule with an action to decrypt HTTPS traffic on port 853, which includes DNS-over-TLS traffic (refer to the Decryption Best Practices for more information). When DNS-over-TLS traffic is decrypted, the resulting DNS requests in the logs will appears as the conventional
  4. (Optional)
    Search for activity on the firewall for decrypted TLS-encrypted DNS queries that have been processed using DNS Security.
    1. Select
      Log Viewer
      and select
      logs. Use the query builder to filter based on the application using
      and port 853 (which is exclusively used for DNS-over-TLS transactions), for example,
      app = 'dns-base' AND source_port = 853
    2. Select a log entry to view the details of the detected DNS threat.
    3. The
      should display
      in the
      pane and the
      in the
      pane of the detailed log view. Other relevant details about the threat are displayed in their corresponding tabs.

Recommended For You