created by achalla on Jun 24, 2014 1:55 PM, last modified by panagent on Jul 4, 2014 12:33 PM
PAN-OS 6.0
Details
Passive DNS monitoring is an opt-in feature in PAN-OS 6.0 or later. It enables the Palo Alto Networks
firewall to act as a passive DNS sensor and send select DNS information to Palo Alto Networks for analysis in
order to improve threat intelligence and threat prevention capabilities.
DNS responses are forwarded only to Palo Alto Networks, and only when the following
requirements are met:
1. DNS response bit is set
2. DNS truncated bit is not set
3. DNS recursive bit is not set
4. DNS response code is 0 or 3 (NX)
5. DNS question count is greater than 0
6. DNS answer RR count is greater than 0, or, if it is 0, the flags need to be 3 (NX)
7. DNS query record type is one of "A, NS, CNAME, AAAA, MX"
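To audit which responses in a capture would qualify, the seven conditions can be applied to a raw DNS message. The following is an added example, not Palo Alto Networks code; it assumes "recursive bit" means the RD header flag, reads "flags need to be 3 (NX)" as RCODE 3, checks the record type of the first question only, and uses constructed sample messages.

```python
import struct

# QTYPE numbers for the record types the list names: A, NS, CNAME, MX, AAAA
ALLOWED_QTYPES = {1, 2, 5, 15, 28}
QR, TC, RD = 0x8000, 0x0200, 0x0100  # DNS header flag masks (RFC 1035)

def first_qtype(msg):
    """Return the QTYPE of the first question, or None if it cannot be read."""
    pos = 12  # the question section starts right after the 12-byte header
    while pos < len(msg):
        length = msg[pos]
        if length == 0:          # root label ends the name
            pos += 1
            break
        if length & 0xC0:        # pointer or reserved label type: treat as malformed
            return None
        pos += 1 + length
    else:
        return None              # ran off the end without a terminating label
    if pos + 4 > len(msg):
        return None
    return struct.unpack_from("!H", msg, pos)[0]

def meets_criteria(msg):
    """Apply the seven listed conditions to one raw DNS message."""
    if len(msg) < 12:
        return False
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!6H", msg)
    rcode = flags & 0x000F
    if not flags & QR:                 # 1. response bit set
        return False
    if flags & TC:                     # 2. truncated bit not set
        return False
    if flags & RD:                     # 3. assumption: "recursive bit" = RD
        return False
    if rcode not in (0, 3):            # 4. NOERROR or NXDOMAIN
        return False
    if qdcount == 0:                   # 5. at least one question
        return False
    if ancount == 0 and rcode != 3:    # 6. empty answer only allowed for NX
        return False
    return first_qtype(msg) in ALLOWED_QTYPES   # 7. listed record types only

def build(flags, qtype, ancount, qname=b"\x07example\x03com\x00"):
    """Constructed sample: header plus one question, answer records omitted."""
    header = struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)
```
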
To enable passive DNS monitoring on a Palo Alto Networks firewall, go to Objects > Security Profiles > Anti-Spyware Profile > DNS Signatures, check the box Enable Passive DNS Monitoring, and commit the changes.
https://live.paloaltonetworks.com/docs/DOC-7256 Page 1 of 3
What Information is Submitted to the Palo Alto ... | Palo Alto Networks Live 3/24/15, 5:38 AM
owner: achalla
699 Views Categories: Setup, Management & Administration Tags: passive_dns, dns_monitoring