Address object Best Practices FQDN or IP Address

L1 Bithead


Is there any downside to referencing your address objects using FQDN? Does it add significant load to the PA?

L7 Applicator

Hello x2apwait,

As per my understanding, it would not add any load to the PAN FW. The PAN firewall will automatically refresh the FQDN table every 15 minutes. The same job can be monitored through the CLI command > show jobs all.

Thanks

L7 Applicator

+1 on HULK's info. I wanted to add that it depends on the FQDN.

Don't use FQDNs for large corporations, where they either use CDNs or round-robin DNS. Because the frequency is a 15-minute refresh, there's no real-time DNS resolution for FQDNs. This may lead to incorrect or unexpected behaviors.

There's also another practice, that is, to give you a long list of possible IPs on a single A record. The firewall will only grab the first ten provided on that long list.
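
The refresh interval and ten-address limit described in the replies above can be modelled offline to see which kinds of hostname are poor candidates for FQDN objects. This is an added example, not part of the original thread and not vendor code; the resolvers, address pools and 60-second rotation are constructed assumptions, and the firewall model uses only the 15-minute refresh and first-ten behaviour stated in the thread.

```python
REFRESH_SECONDS = 15 * 60  # refresh interval stated in the thread
MAX_ADDRESSES = 10         # thread: only the first ten addresses are kept

def firewall_view(answer):
    """Addresses retained from one DNS answer (first MAX_ADDRESSES only)."""
    return set(answer[:MAX_ADDRESSES])

def audit(resolver, duration=3600, client_interval=60):
    """Replay client lookups against a cache refreshed every REFRESH_SECONDS.

    resolver(t) returns the ordered A-record list served at second t.
    Returns (lookups, uncovered): uncovered counts lookups whose answer
    held at least one address missing from the firewall's cached set.
    """
    lookups = uncovered = 0
    cache, last_refresh = set(), None
    for t in range(0, duration, client_interval):
        refresh_at = (t // REFRESH_SECONDS) * REFRESH_SECONDS
        if refresh_at != last_refresh:
            cache, last_refresh = firewall_view(resolver(refresh_at)), refresh_at
        lookups += 1
        if not set(resolver(t)) <= cache:
            uncovered += 1
    return lookups, uncovered

# Constructed resolvers (documentation address ranges, not real hosts).
def static_host(t):
    return ["192.0.2.10", "192.0.2.11"]

POOL = [f"198.51.100.{i}" for i in range(1, 7)]

def rotating_cdn(t):
    i = (t // 60) % len(POOL)  # assumed: the answer shifts every 60 s
    return [POOL[i], POOL[(i + 1) % len(POOL)]]

def oversized_record(t):
    return [f"203.0.113.{i}" for i in range(1, 26)]  # 25 A records

if __name__ == "__main__":
    for name, fn in [("static", static_host),
                     ("rotating", rotating_cdn),
                     ("oversized", oversized_record)]:
        print(name, audit(fn))
```

A hostname that reports zero uncovered lookups behaves like a static IP object; anything else is better expressed another way than an FQDN address object.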
