Prisma access DNS proxy behavior with gateway agent DNS settings

Prisma access DNS proxy behavior with gateway agent DNS settings

5576
Created On 07/18/22 17:23 PM - Last Modified 04/20/24 02:35 AM


Symptom


  • Prisma Access DNS proxy forwards all DNS request to internal/specified DNS servers
  • GlobalProtect clients receive DNS server IPs instead of DNS Proxy IPs in DNS server configuration

Environment


  • Prisma Access
  • Mobile Users
  • GlobalProtect

Resolution


  1. Prisma Access allows you to specify DNS servers to resolve both domains that are internal to your organization and external domains. Prisma Access proxies the DNS request based on the configuration of your DNS servers.
  2. The following table shows the supported DNS resolution methods for internal and external domains and indicates when Prisma Access proxies the DNS requests.
  
Prisma Access DNS Proxy behavior as per configuration
 
  1. Prisma Access DNS proxy behavior will be overridden with DNS server configuration under Mobile_User_Template > Network > Gateways > GlobalProtect_External_Gateway > Agent >  [Config-Name] > Network Services > DNS Server
gateway agent network services DNS server settings
 
  1. Configure DNS servers and domain name lists at Panorama > Cloud Services > Configuration > Mobile Users - Global Protect > Onboarding > Networks Services to leverage Prisma access DNS proxy feature
Prisma access onboarding network services
 

Additional Information



                                   :
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wl1RCAQ&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail