This is great, I just got a job on a Palo Alto migration and your YouTube videos are going to help me a lot. I will donate to your channel.
Hi
Wow, thank you! I am glad it helped so much, thank you as always for watching!
you are very welcome!
Another great video. Thanks.
Thank you very much!
Good work, mate. Keep it going.... How come you transitioned from Mode44 to fashion44 :) What's the story behind it?
And another question: PA with DNS proxy in cooperation with X-Forwarded-For? Any practical info? As a DNS proxy, there will be no log from the real IP. Is there any efficient way to find out who the original requestor is? I'm getting a lot of logs hitting the sinkhole and would like to know the real originator.
Thanks in advance.
Fashion44 :) is there something I have missed? lol
For the DNS question, what I would do is ensure that the sinkhole address is in a zone that means the traffic has to pass through the firewall to get to it, then create a rule and log on that, or simply run a report for hosts using the sinkhole address for normal traffic, say SSL for example. The initial DNS query and DNS security logs will show the proxy, as it is the proxy making the DNS lookup, but there will also be the hosts that have been given the sinkhole address trying to use it to get out.
Hope that is helpful!
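
The report described in the reply above, as an added example that is not part of the original comments: it scans a traffic-log export for sessions whose destination is the sinkhole address and lists the real source hosts, skipping the DNS proxy. The addresses, column names and log lines are constructed assumptions, not a vendor log format.

```python
import csv
import io
from collections import defaultdict

SINKHOLE_IP = "198.51.100.1"  # constructed placeholder for the configured sinkhole address
DNS_PROXY_IP = "10.0.0.53"    # constructed placeholder for the DNS proxy's own address

# Constructed traffic-log export; the column names are hypothetical.
SAMPLE_LOG = """time,src,dst,dport,app
2024-01-01T10:00:01,10.0.0.53,203.0.113.8,53,dns
2024-01-01T10:00:02,10.1.20.15,198.51.100.1,443,ssl
2024-01-01T10:00:05,10.1.20.15,198.51.100.1,443,ssl
2024-01-01T10:00:07,10.1.30.77,198.51.100.1,80,web-browsing
2024-01-01T10:00:09,10.1.40.9,203.0.113.20,443,ssl
2024-01-01T10:00:11,10.0.0.53,198.51.100.1,53,dns
"""

def sinkhole_clients(log_text, sinkhole=SINKHOLE_IP, proxy=DNS_PROXY_IP):
    """Return {src: stats} for hosts that sent traffic to the sinkhole address.

    The DNS proxy is skipped: it only performed the lookup on a client's behalf.
    """
    hosts = defaultdict(lambda: {"hits": 0, "apps": set(), "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["dst"] != sinkhole or row["src"] == proxy:
            continue
        stats = hosts[row["src"]]
        stats["hits"] += 1
        stats["apps"].add(row["app"])
        # ISO 8601 timestamps in a single timezone compare correctly as strings.
        stats["first"] = min(stats["first"] or row["time"], row["time"])
        stats["last"] = max(stats["last"] or row["time"], row["time"])
    return dict(hosts)

def report(hosts):
    """Return one summary line per host, busiest first."""
    ordered = sorted(hosts.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return [
        f"{src} hits={s['hits']} apps={','.join(sorted(s['apps']))} "
        f"first={s['first']} last={s['last']}"
        for src, s in ordered
    ]

if __name__ == "__main__":
    for line in report(sinkhole_clients(SAMPLE_LOG)):
        print(line)
```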