Palo Alto Networks evasion signatures detect
crafted HTTP or TLS requests, and can alert to instances where a
client connects to a domain other than the domain specified in a
DNS query. Evasion signatures are effective only when the firewall
is also enabled to act as a DNS proxy and resolve domain name queries.
As a best practice, take the following steps to enable evasion signatures.
Enable a firewall intermediate to clients and
servers to act as a DNS proxy.