PAN-OS 10.0 and later supports individually configurable DNS signature sources, which enables you to define separate policy actions as well as a log severity level for a given signature source. This enables you to create discrete, precise security actions based on the threat posture of a domain type according to your network security protocols. The DNS signature source definitions are extensible through PAN-OS content releases so, when new DNS Security analyzers are introduced, you are able to create specific policies based on the nature of the threat.Upon upgrade to PAN-OS 10.0 and later, the DNS Security source gets redefined into new categories to provide extended granular controls; as a result, the new categories will overwrite the previously defined action and acquire default settings. Make sure to reapply any sinkhole, log severity, and packet captures settings appropriate for the newly defined DNS Security Categories.

Recommended For You