Use Case 1: Firewall Requires DNS Resolution for Management Purposes
In this use case, the firewall is the client requesting DNS resolutions of FQDNs for management events such as software update services, dynamic software updates, or WildFire. The shared, global DNS services perform the DNS resolution for the management plane functions.
- Configure the primary and secondary DNS servers
you want the firewall to use for its management DNS resolutions.You must manually configure at least one DNS server on the firewall or it won’t be able to resolve hostnames; it won’t use DNS server settings from another source, such as an ISP.
- Select DeviceSetupServicesGlobal and Edit. (For firewalls that do not support multiple virtual systems, there is no Global tab; simply edit the Services.)
- On the Services tab, for DNS, click Servers and enter the Primary DNS Server address and Secondary DNS Server address.
- Click OK and Commit.
- Alternatively, you can configure a DNS
Proxy Object if you want to configure advanced DNS functions
such as split DNS, DNS proxy overrides, DNS proxy rules, static
entries, or DNS inheritance.
- Select DeviceSetupServicesGlobal and Edit.
- On the Services tab, for DNS, select DNS Proxy Object.
- From the DNS Proxy drop-down,
select the DNS proxy that you want to use to configure global DNS
services, or click DNS Proxy to configure
a new DNS proxy object as follows:
- Click Enable and enter a Name for the DNS proxy object.
- For Location, select Shared for global, firewall-wide DNS proxy services.Shared DNS proxy objects don’t use DNS server profiles because they don’t require a specific service route belonging to a tenant virtual system.
- Enter the Primary DNS server IP address. Optionally enter a Secondary DNS server IP address.
- Click OK and Commit.
Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolut...
Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System In this use ...
Multi-Tenant DNS Deployments
Multi-Tenant DNS Deployments The firewall determines how to handle DNS requests based on where the request originated. An environment where an ISP has multiple tenants ...
Configure a DNS Proxy Object
Configure a DNS Proxy Object If your firewall is to act as a DNS proxy, perform this task to configure a DNS Proxy Object . ...
DNS Domain Name System (DNS) is a protocol that translates (resolves) a user-friendly domain name, such as www.paloaltonetworks.com, to an IP address so that users ...
DNS Proxy Object
DNS Proxy Object When configured as a DNS proxy, the firewall is an intermediary between DNS clients and servers; it acts as a DNS server ...
DNS Overview DNS performs a crucial role in enabling user access to network resources so that users need not remember IP addresses and individual computers ...
DNS Proxy Settings
DNS Proxy Settings Click Add and configure the firewall to act as a DNS proxy. You can configure a maximum of 256 DNS proxies on ...
Global Services Settings
Global Services Settings To control and redirect DNS queries between shared and specific virtual systems, you can use a DNS proxy and a DNS Server ...
Perform Initial Configuration
Perform Initial Configuration By default, the firewall has an IP address of 192.168.1.1 and a username/password of admin/admin. For security reasons, you must change these ...