02-10-2015 09:20 AM
Is there any down side to referencing your address objects using FQDN? Does it add significant load to the PA?
02-10-2015 09:28 AM
As per my understanding, it would not make any load to the PAN FW. The PAN firewall will automatically refresh the FQDN table every 15 minutes. The same job can be monitor through CLI command >show jobs all.
02-10-2015 10:54 AM
+1 on HULK's info. I wanted to add that, It depends on the FQDN.
Don't use FQDN's for large corporations, where they either use CDN's or round robin DNS. Because the frequency is a 15 minute refresh, there's no real time DNS resolution for FQDN's. This may lead to incorrect or unexpected behaviors.
There's also another practice, that is, to give you a long list of possible IP's on a single A record. The firewall will only grab the first ten provided on that long list.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!