Use the credentials associated with your Palo
Alto Networks support account and log in to the Prisma Access application
on the hub.
Enable DNS Security is configured
to inspect DNS requests. You can use your existing security profile
if you want to use the same
for DNS-over-TLS traffic.
Create a decryption policy rule with
an action to decrypt HTTPS traffic on port 853, which includes DNS-over-TLS
traffic (refer to the Decryption Best Practices for
more information). When DNS-over-TLS traffic is decrypted, the resulting
DNS requests in the logs will appears as the conventional
Search for activity on the firewall
for decrypted TLS-encrypted DNS queries that have been processed
using DNS Security.
Use the query builder to filter based on the application using
port 853 (which is exclusively used for DNS-over-TLS transactions),
app = 'dns-base' AND source_port = 853
Select a log entry to view the details of the detected
pane and the
pane of the detailed log view.
Other relevant details about the threat are displayed in their corresponding