Configure System for DNS Survivability

Configure the system to facilitate the DNS survivability use case.
  1. From the Prisma SD-WAN web interface, navigate to Stacked Policies > DNS Service > DNS Service Roles and create a new service role called Listen and Forward.
  2. Navigate to DNS Service > DNS Service Profiles and click to a new DNS service profile.
  3. On the screen, enter a name for the DNS profile and add a DNS Server.
    1. Specify the internal DNS server IP address.
    2. Select Domain Names and define all internal top-level domain names. For example,
    3. Specify the Listen and Forward DNS Service Roles created in Step 1.
    4. Click
      Repeat the procedure per internal DNS server system.
  4. Add a DNS Server under DNS Servers.
    1. Specify the internet DNS Server IP address.
    2. Specify the DNS Service Roles, Listen and Forward, created in Step 1.
      Do not enter the Domain Name.
    3. Click
      Repeat the procedure per internet DNS server system.
    4. Click
  5. Configure the ION device to use the DNS service.
    1. Navigate to the ION configuration page and select DNS Service.
    2. Enter a name for the DNS service and select the DNS Profile created in Step 2.
    3. In DNS Service Role Bindings, click
    4. Select the DNS Role, Listen and Forward, from the drop-down.
    5. Select all relevant LAN interfaces that will receive and forward the requests and the service.
    6. Click
      The DNS service configuration is now enabled on the ION device, which will answer DNS queries on the selected interfaces. After testing that the Prisma SD-WAN DNS service is configured per requirements, the DNS server IP addresses can be changed in the DHCP scope to the respective default gateway (ION LAN interfaces), the branch subnets, or specified manually on systems with static IP configuration.
      With the Prisma SD-WAN system deployed and the DNS service enabled, the branch systems utilizing SaaS services no longer rely on the centralized data center resources to function. In the event of a data center failure, none of the SaaS application services will be affected. This is because the ION device delivers all necessary functions through the DNS service and can put trusted SaaS application traffic directly onto the internet with a scalable and straightforward path policy rule.
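Before changing the DHCP scope, the planned profile can be checked on paper against the rules in Steps 3 and 4. The following is an added example, not Palo Alto Networks code: the server addresses and domain names are constructed placeholders, the `kind` field and function names are hypothetical, and the forwarding model (longest domain-suffix match, with entries that have no domain name acting as the default) is an assumption the page implies but does not state.

```python
ROLE = "Listen and Forward"  # role name from Step 1

# Constructed sample profile: addresses and domain names are placeholders.
PROFILE = [
    {"kind": "internal", "ip": "10.10.0.53", "domains": ["corp.example"], "role": ROLE},
    {"kind": "internal", "ip": "10.20.0.53",
     "domains": ["corp.example", "lab.example"], "role": ROLE},
    {"kind": "internet", "ip": "192.0.2.53", "domains": [], "role": ROLE},
]

def lint(profile):
    """Check a planned profile against the rules in Steps 3 and 4."""
    problems = []
    for s in profile:
        if s["role"] != ROLE:
            problems.append(f"{s['ip']}: role must be {ROLE}")
        if s["kind"] == "internal" and not s["domains"]:
            problems.append(f"{s['ip']}: internal server needs domain names")
        if s["kind"] == "internet" and s["domains"]:
            problems.append(f"{s['ip']}: internet server must have no domain name")
    for kind in ("internal", "internet"):
        if not any(s["kind"] == kind for s in profile):
            problems.append(f"no {kind} DNS server defined")
    return problems

def _matches(name, domain):
    # Match on a label boundary so "notcorp.example" does not match "corp.example".
    domain = domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def expected_servers(name, profile):
    """Servers expected to receive a query for `name` (assumed suffix matching)."""
    name = name.lower().rstrip(".")
    best, hits = 0, []
    for s in profile:
        for d in s["domains"]:
            if _matches(name, d):
                n = len(d.rstrip("."))
                if n > best:
                    best, hits = n, [s["ip"]]
                elif n == best and s["ip"] not in hits:
                    hits.append(s["ip"])
    # No domain matched: fall through to entries without domain names.
    return hits or [s["ip"] for s in profile if not s["domains"]]
```

The names passed to `expected_servers` double as a test plan: query each one against the ION LAN interface and confirm the answer comes from the expected class of server, so internal names are not sent to the internet resolvers.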
