How To Disable the DNS Security Feature from an Anti-Spyware Profile

How To Disable the DNS Security Feature from an Anti-Spyware Profile

12576
Created On 01/07/22 16:13 PM - Last Modified 06/01/23 07:11 AM


Objective


Disabling the DNS security feature that is present inside an Anti-Spyware Profile.

Environment


  • Palo Alto Networks Firewall
  • PAN-OS 10.0 and above.

Procedure


  1. On the GUI, go to the Anti-Spyware profile (GUI: Objects > Security Profile > Anti-Spyware Profile > (name).
  2. Go to DNS Policies and set all Policy Actions as "allow" and all Packet Captures as "disable".
  3. Set the Log Severity for all categories to "none"
  4. Remove all DNS Domain/FQDN Allow List entries in the DNS Exceptions tab
  5. Commit the configuration.
                                                                                        

Additional Information


On PAN-OS versions lower than 10.0, instead of "DNS Policies" it is named as "DNS Signatures > Policies and Settings".

Administrator’s Guide: Enable DNS Security
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oMyDCAU&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language