This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Can't create DNS Proxy using Panorama

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.

Can't create DNS Proxy using Panorama

Marivi
L2 Linker

‎04-13-2018 03:07 PM

ISSUE

When try to configure DNS Proxy with panorama after commit we get next message error:

dns-proxy -> xxxxx-> server-profile 'yyyyy' is not a valid reference
dns-proxy -> LAN_speedup -> server-profile is invalid

 

xxxxx ->dns proxy configured

yyyyy ->server dns profile created

 

RESOLUTION

The DNS server profile was added as a feature primarily for the config of DNS proxy under Virtual Systems configuration. Hence this is virtual system specific setting which is what we currently have designed it for.

the recommendation is to choose the location as Shared for now to ensure commits work properly.

 

If your device don't  support Multi Vsys,  you try next workaround:

- Disable multi vsys in panorama
- Now, create a DNS proxy object or a different template with DNS proxy object so that it could be used for those firewalls which does not have multi vsys or not enabled it
- Now, turn on the multi vsys feature on Panorama
-  (if you have other fw which support multi vsys) Create new DNS proxy object or new template with DNS proxy object so that it can be used to push to the firewalls having multi vsys environment.

7 people had this problem.
6 REPLIES 6

GaryOssewa
L1 Bithead

‎02-01-2021 01:40 PM

I've had this same issue, still on 9.0.9 code. Is this fixed in a later version?

dkane66
L2 Linker

‎05-13-2022 08:27 AM

I am running 10.1.4 and you still need to disable the MultiVsys option for this within Panorama.

0 Likes Likes

ederg
L2 Linker

‎10-11-2022 01:52 AM

Still in here in 10.2.3., with MultyVsys enabled.

0 Likes Likes

JasonPeterson
L1 Bithead

‎11-04-2022 10:37 AM

If you create your proxy as shared, then we are unable to use variables for the DNS Servers, which then requires a static config.  Anyway around this?

LucG
L0 Member
In response to JasonPeterson

‎07-27-2023 02:32 AM

Yes, I agree we then can't use variables which is very cumbersome as then we need to create a Proxy_DNS template per FW with the correct values...

0 Likes Likes

dkane66
L2 Linker

‎07-27-2023 07:25 AM

I lucked out on this one as all of my devices that are using DNS Proxy only have a single VSYS. That has allowed me to create a Template that has DNS proxy within it. I did have to create an individual template for each region, this means I only have 5 or so templates to update instead of hundreds. Best thing you can do is try to limit the pain by either creating a specific template just for DNS proxy for all of your devices and just overriding the parts that need it in the xstack.

0 Likes Likes
  • 6645 Views
  • 6 replies
  • 2 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks