Learn about DNS resolution for Mobile Users—GlobalProtect or Prisma Access Agent
deployments.
Where Can I Use This?
  Prisma Access (Managed by Strata Cloud Manager)
  Prisma Access (Managed by Panorama)
What Do I Need?
  Prisma Access license
The following section provides examples of how Prisma Access
processes the source IP address of the DNS requests after you configure
DNS resolution for mobile users and for remote networks.
The following figure shows a deployment where you have assigned an internal DNS server to resolve
both internal and external domains. In this case, Prisma Access does not proxy the
DNS requests, and the DNS request is from Mobile User 1’s agent IP address. The agent
(for example, GlobalProtect app or Prisma Access Agent) assigns this IP address to the
mobile user IP address pool.
The following figure shows the DNS requests for internal domains being resolved by the DNS server
in the headquarters or data center location, while requests for external domains are
resolved by Prisma Access’ Cloud Default DNS server. In this case, Prisma Access
proxies both the internal and external requests.
For DNS requests for internal domains, the source IP address is the gateway IP
address used for the mobile user IP address
pool. For example, given a mobile user IP address pool of
172.16.55.0/24, Prisma Access uses the IP source address of
172.16.55.1.
For DNS requests for external domains, the source IP address is 15.1.1.1 after
Prisma Access performs NAT.
The following figure shows the DNS requests for internal domains being resolved by the DNS server
in the headquarters or data center location, while requests for external domains are
resolved using a third-party or public DNS server accessible through the internet.
Prisma Access proxies both the internal and external requests. The DNS proxy
behavior is the same as the previous use case:
For DNS requests for internal domains, the source IP address is the
gateway IP address used for the mobile user IP address pool. For example, given
a mobile user IP address pool of 172.16.55.0/24, Prisma Access uses the IP
source address of 172.16.55.1.
For DNS requests for external domains, the source IP address is
15.1.1.1 after Prisma Access performs NAT.
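The source addresses described in the use cases above can be used to label queries in a DNS server's log and to spot sources that fit none of the documented cases. The following is an added example, not part of the Prisma Access documentation: the log format and hostnames are constructed, 15.1.1.1 is the example NAT address from this page, and treating the gateway as the first host address of the pool is an assumption generalized from the page's 172.16.55.0/24 example.

```python
import ipaddress
from collections import Counter

# Constructed resolver log lines: "<time> <source-ip> <queried-name>"
SAMPLE_LOG = """\
09:00:01 172.16.55.1 intranet.corp.example
09:00:02 172.16.55.23 intranet.corp.example
09:00:03 15.1.1.1 www.example.org
09:00:04 172.16.55.1 git.corp.example
09:00:05 10.9.9.9 intranet.corp.example
not-a-log-line
"""

def proxy_gateway(pool_cidr):
    """Assumption: the gateway is the pool's first host address, as in the
    page's example (172.16.55.0/24 -> 172.16.55.1)."""
    return next(ipaddress.ip_network(pool_cidr).hosts())

def classify(src, pool_cidr, nat_ip="15.1.1.1"):
    """Label a DNS query source. nat_ip defaults to the page's example value."""
    ip = ipaddress.ip_address(src)
    if ip == proxy_gateway(pool_cidr):
        return "proxied-internal"   # proxied query for an internal domain
    if ip == ipaddress.ip_address(nat_ip):
        return "proxied-external"   # proxied query for an external domain, after NAT
    if ip in ipaddress.ip_network(pool_cidr):
        return "direct-agent"       # not proxied: the agent's own pool address
    return "unexpected"             # matches none of the documented cases

def summarize(log_text, pool_cidr, nat_ip="15.1.1.1"):
    """Count query sources per label; unparsable lines are counted, not dropped."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        try:
            counts[classify(fields[1], pool_cidr, nat_ip)] += 1
        except (IndexError, ValueError):
            counts["malformed"] += 1
    return dict(counts)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "172.16.55.0/24"))
```

Because proxied queries for internal domains all arrive from the single gateway address, the DNS server's own log cannot tell individual mobile users apart in those deployments.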