Learn about DNS resolution for Prisma Access Remote Network
deployments.
If you have an existing remote network deployment, you
can continue to use the DNS resolution methods that you already
have in place, or you can use Prisma Access to proxy the DNS request.
Proxying the DNS requests allows you to send DNS requests for public
domains to one server and send DNS request for internal domains
to another server.
The following figure shows a DNS request to a deployment where
an internal DNS server is used to process requests for both internal
and external domains. The remote network IP
address is 35.1.1.1 and the EBGP Router IP
address is 172.1.1.1. In this case, Prisma Access does not proxy
the requests and, if the internal DNS server does not use NAT, the
source IP of the DNS request is 10.1.1.1 (the IP address of Client
1’s device in the remote network site).
If Prisma Access proxies the DNS request, the source IP addresses
of the proxied DNS requests changes to the EBGP Router Address for
internal requests and the Service IP Address of
the remote network connection for external requests, as shown in the
following figure.
When you configure the DNS address in your network to use
for Prisma Access proxied external requests, specify the Remote
Network DNS Proxy IP Address ( PanoramaCloud ServicesStatusService InfrastructureRemote Network
DNS Proxy IP Address). In the following
example, you would specify 172.1.255.254 in your network for the
DNS server.