Global Services Settings
To control and redirect DNS queries between shared and specific virtual systems, you can use a DNS proxy and a DNS Server profile.
Global Services Settings
Choose the type of DNS service: Server or DNS Proxy Object. This setting is used for all DNS queries that the firewall initiated in support of FQDN address objects, logging, and firewall management. Options include:
Primary DNS Server
Enter the IP address of the primary DNS server. The server is used for DNS queries from the firewall, for example, to find the update server, to resolve DNS entries in logs, or for FDQN-based address objects.
Secondary DNS Server
(Optional) Enter the IP address of a secondary DNS server to use if the primary server is unavailable.
This setting represents the IP address or host name of the server used to download updates from Palo Alto Networks. The current value is updates.paloaltonetworks.com. Do not change the server name unless instructed by technical support.
Verify Update Server Identity
If this option is enabled, the firewall or Panorama will verify that the server from which the software or content package is download has an SSL certificate signed by a trusted authority. This option adds an additional level of security for the communication between the firewall/Panorama server and the update server.
Proxy Server section
If the firewall needs to use a proxy server to reach Palo Alto Networks update services, enter the IP address or host name of the server.
Enter the port for the proxy server.
Enter the user name to access the server.
Enter and confirm the password for the user to access the proxy server.
NTP Server Address
Enter the IP address or hostname of an NTP server that you want to use to synchronize the firewall’s clock. Optionally enter the IP address or hostname of a second NTP server to synchronize the firewall’s clock with if the primary server becomes unavailable.
You can enable the firewall to authenticate time updates from an NTP server. For each NTP server, select the type of authentication for the firewall to use:
Perform Initial Configuration
Perform Initial Configuration By default, the firewall has an IP address of 192.168.1.1 and a username/password of admin/admin. For security reasons, you must change these ...
Configure General Cluster Settings on Panorama
Configure General Cluster Settings on Panorama Some general settings are optional and some general settings are pre-populated with default values. It’s best to at least ...
Managed WildFire Cluster and Appliance Administration
Managed WildFire Cluster and Appliance Administration Select Panorama Managed WildFire Clusters and select a cluster to manage it or select a WildFire appliance ( Panorama ...
Use Case 1: Firewall Requires DNS Resolution for Management...
Use Case 1: Firewall Requires DNS Resolution for Management Purposes In this use case, the firewall is the client requesting DNS resolutions of FQDNs for ...
Configure the WildFire Appliance
Configure the WildFire Appliance This section describes the steps required to integrate a WildFire appliance into a network and perform basic setup. Rack mount and ...
DNS Proxy Object
DNS Proxy Object When configured as a DNS proxy, the firewall is an intermediary between DNS clients and servers; it acts as a DNS server ...
DNS Proxy Overview
DNS Proxy Overview You can configure the firewall to act as a DNS server. First, create a DNS proxy and select the interfaces to which ...
General Log Collector Settings
General Log Collector Settings Panorama > Managed Collectors > General Configure the settings as described in the following table to identify a Log Collector and ...
Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolut...
Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System In this use ...