DNS Resolution for Remote Networks
Focus
Focus
Prisma Access

DNS Resolution for Remote Networks

Table of Contents

DNS Resolution for Remote Networks

Learn about DNS resolution for Prisma Access Remote Network deployments.
Where Can I Use This?What Do I Need?
  • Panorama
  • Prisma Access license
If you have an existing remote network deployment, you can continue to use the DNS resolution methods that you already have in place, or you can use Prisma Access to proxy the DNS request. Proxying the DNS requests allows you to send DNS requests for public domains to one server and send DNS request for internal domains to another server.
The following figure shows a DNS request to a deployment where an internal DNS server is used to process requests for both internal and external domains. The remote network IP address is 35.1.1.1 and the EBGP Router IP address is 172.1.1.1. In this case, Prisma Access does not proxy the requests and, if the internal DNS server does not use NAT, the source IP of the DNS request is 10.1.1.1 (the IP address of Client 1’s device in the remote network site).
If Prisma Access proxies the DNS request, the source IP addresses of the proxied DNS requests changes to the EBGP Router Address for internal requests and the Service IP Addressof the remote network connection for external requests, as shown in the following figure.
When you configure the DNS address in your network to use for Prisma Access proxied external requests, specify the Remote Network DNS Proxy IP Address ( PanoramaCloud ServicesStatusService InfrastructureRemote Network DNS Proxy IP Address). In the following example, you would specify 172.1.255.254 in your network for the DNS server.