Global Protect 8.1 - Building Clientless VPN but stuck on DNS-Proxy Setup

Reply
L1 Bithead

Global Protect 8.1 - Building Clientless VPN but stuck on DNS-Proxy Setup

I am starting to build a clientless vpn setup, but I am getting errors when building a DNS Proxy and DNS Server Profile. 

I get this error msg. I tried ethernet, tunnels and loopback interfaces and they all failed. I tried following the instructions but i get the same error message. Does it matter if use the a loopback or tunnel interface? all of them are set for "layer 3". not sure why its calling it "invalid". 

 

Details:

Validation Error:

dns-proxy -> DNS-Proxy -> interface 'loopback.998' is not a valid reference

dns-proxy -> DNS-Proxy -> interface is invalid

No DNS default obj found

(Module: dnsproxyd)

Commit Failed. 

 

https://docs.paloaltonetworks.com/globalprotect/8-1/globalprotect-admin/globalprotect-clientless-vpn...

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/dns/configure-a-dns-proxy-objec...

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/dns/configure-a-dns-server-prof...

L1 Bithead

Re: Global Protect 8.1 - Building Clientless VPN but stuck on DNS-Proxy Setup

btw..I get the error as I commit to Template from Panorama. 

L7 Applicator

Re: Global Protect 8.1 - Building Clientless VPN but stuck on DNS-Proxy Setup

@mypasecure2017,

So from the message that the validation is giving you it would appear that you are attempting to use a loopback interface that doesn't exist. Are you sure that the template actually includes the 'loopback.998' interface that you are trying to use here? 

L1 Bithead

Re: Global Protect 8.1 - Building Clientless VPN but stuck on DNS-Proxy Setup

Yes. I am sure because I ran into similar issues like it and fixed it. But this time with DNS Proxy nothing seems to work regardless which interface I use. I suspect that there is a sync problem between Panorama and the firewall device because I created a tunnel and loopback interface within Panorama but only partial configs was pushed to the firewall device. I am not sure how or where I can go to find what items are synced between Panorama and the firewall.  

L4 Transporter

Re: Global Protect 8.1 - Building Clientless VPN but stuck on DNS-Proxy Setup

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!