How to Change the FQDN Refresh Timers

How to Change the FQDN Refresh Timers

96968
Created On 09/25/18 17:51 PM - Last Modified 06/05/23 08:03 AM


Resolution


Overview

FQDN refresh timers are used to check the mapping between an IP address and a fully-qualified domain name.

By default, Palo Alto Networks devices perform this check every 30 minutes.

 

Details

The FQDN refresh timers can be configured from the CLI only, with the following commands:

> configure

# set deviceconfig system fqdn-refresh-time <1800-14399>

# commit

 

Beginning in PAN-OS 6.1, the fqdn-refresh time down can be reduced to 10 minutes, although the default refresh time would still be 30 minutes.

> configure

# set deviceconfig system fqdn-refresh-time <600-14399> (in seconds)

# commit

 

For example, while running PAN-OS 6.1, the following output shows that the refresh happened in ten minutes.

Test.jpg

 

On all PAN-OS versions, the FQDN refresh time change can be verified with the show jobs all command. The following output example shows the FQDN refresh time set to 1 hour:

>show jobs all

 

Enqueued                     ID             Type    Status Result Completed

--------------------------------------------------------------------------

2013/05/13 15:49:16          11      FqdnRefresh       FIN     OK 15:49:16

2013/05/13 14:49:13          10      FqdnRefresh       FIN     OK 14:49:14

2013/05/13 13:49:10           9      FqdnRefresh       FIN     OK 13:49:11

 

owner: nayubi
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKbCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language