DNS Resolution for Mobile Users—GlobalProtect Deployments
Learn about DNS resolution for Mobile User—GlobalProtect
deployments.
The following section provides examples of how Prisma
Access processes the source IP address of the DNS requests after
you configure DNS resolution for mobile users and for remote networks.
The following figure show a deployment where you have assigned
an internal DNS server to resolve both internal and external domains.
In this case, Prisma Access does not proxy the DNS requests, and the
DNS request is from Mobile User 1’s GlobalProtect client IP address.
The GlobalProtect client assigns this IP address to the mobile user
and it is taken from the Mobile User IP
address pool.
The following figure shows the DNS requests for internal domains
being resolved by the DNS server in the headquarters or data center
location, while requests for external domains are resolved by Prisma Access’
Cloud Default DNS server. In this case, Prisma Access proxies the
requests for the external request, and the source IP address is
the mobile user location’s
gateway IP address (15.1.1.1 in this example), while the
internal source IP remains as Mobile User 1’s GlobalProtect client IP
address.
The following figure shows the organization using a third-party
or public DNS server accessible through the internet for requests
to external domains. Prisma Access proxies these requests as well.