Dynamic DNS Registration Support for GlobalProtect Mobile Users

Prisma Access can update enterprise DNS servers with mobile users’ A and PTR records through Dynamic DNS (DDNS) registration. Read this section to learn how to enable this feature.
When a mobile user connects remotely to Prisma® Access using GlobalProtect®, your enterprise's DNS and IP Address Management (IPAM) servers are not updated with the GlobalProtect gateway-assigned client IP address and endpoint FQDN. As a result, your IT administrator and your apps cannot identify and update remote endpoints by FQDN. With Dynamic DNS registration, Prisma Access integrates with IPAM vendors to dynamically create A and PTR records in the DNS servers with IPAM updates.
Dynamic DNS registration support for GlobalProtect mobile users offers the following benefits:
  • Direct integration with leading IPAM vendors such as Infoblox, BlueCat, and Windows.
  • Dynamic DNS updates use either transaction signature (TSIG) or Kerberos as the authentication protocol to ensure secure updates to the DNS database.
  • Prisma Access performs real-time DDNS updates to the DNS server using batched nsupdate calls based on GlobalProtect® connect and disconnect events. These updates use a DDNS service on the Mobile Users Security Processing Node (MU-SPN).
The feature enables IT and help desk staff to easily manage and update GlobalProtect® endpoints using the device's FQDN.
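
The batched nsupdate updates described above can be pictured with the following added example, which is not Prisma Access code: it turns connect and disconnect events into one nsupdate input script with matching A and PTR changes, and rejects endpoint names that could inject extra commands into the batch. The zone, server, TTL, host names and addresses are constructed assumptions, and the example assumes all client addresses fall in a single reverse zone.

```python
import ipaddress
import re

# Constructed sample values; zone, server and TTL are assumptions.
FORWARD_ZONE = "corp.example.com"
DNS_SERVER = "ns1.corp.example.com"
TTL = 300

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_fqdn(fqdn, zone=FORWARD_ZONE):
    """Reject names outside the zone or containing characters (whitespace,
    newlines) that would add extra commands to the nsupdate script."""
    name = fqdn.rstrip(".").lower()
    if len(name) > 253 or not name.endswith("." + zone):
        raise ValueError(f"FQDN not in {zone}: {fqdn!r}")
    if not all(_LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError(f"invalid label in {fqdn!r}")
    return name + "."


def build_batch(events, server=DNS_SERVER, ttl=TTL):
    """Turn (action, fqdn, ip) events into one nsupdate input script.
    A and PTR updates are sent as separate transactions because forward
    and reverse records live in different zones."""
    forward, reverse = [], []
    for action, fqdn, ip in events:
        if action not in ("connect", "disconnect"):
            raise ValueError(f"unknown action {action!r}")
        name = validate_fqdn(fqdn)
        addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
        ptr = addr.reverse_pointer + "."
        # Clear stale records first so a reconnect replaces the old address.
        forward.append(f"update delete {name} A")
        reverse.append(f"update delete {ptr} PTR")
        if action == "connect":
            forward.append(f"update add {name} {ttl} A {addr}")
            reverse.append(f"update add {ptr} {ttl} PTR {name}")
    lines = [f"server {server}", *forward, "send", *reverse, "send"]
    return "\n".join(lines) + "\n"


# Feed the result to nsupdate with -k <keyfile> (TSIG) or -g (Kerberos/GSS-TSIG).
```
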