04-25-2017 04:41 AM
Hi,
We have added several FQDN objects and it's not working. If we run
update.symantec.com (Objectname update.symantec.com):
Not resolved
us.archive.ubuntu.com (Objectname us.archive.ubuntu.com):
Not used
xxxxxxx (Objectname HOST_xxxx13):
Not resolved
2017/04/25 13:35:54 29960 FqdnRefresh FIN FAIL 13:36:04
2017/04/25 13:31:44 29959 FqdnRefresh FIN FAIL 13:31:53
2017/04/25 13:30:32 29958 WildFire FIN OK 13:30:34
2017/04/25 13:30:25 29957 Install FIN OK 13:30:32
2017/04/25 13:30:23 29956 Downld FIN OK 13:30:25
2017/04/25 13:24:28 29954 FqdnRefresh FIN FAIL 13:24:39
2017/04/25 13:15:33 29953 WildFire FIN OK 13:15:37
2017/04/25 13:15:25 29952 Install FIN OK 13:15:33
Why is PA getting errors in FQDN jobs? We don't see any details or info. We can reach DNS servers and everything.
show jobs id 29959
Enqueued ID Type Status Result Completed
2017/04/25 13:31:44 29959 FqdnRefresh FIN FAIL 13:31:53
Warnings:
Details:
04-25-2017 05:14 PM
I doubt TAC will touch a 7.0.6 install. The first thing they're going to recommend is upgrading to a newer version like 7.0.15, whether it's a known issue or not.
04-26-2017 12:41 AM
I believe it is still a supported release as per the EOL notes, so they should investigate this properly unless we are missing something simple;0
04-27-2017 03:55 AM
I replicated the same PanOS and host FQDN in my lab and it's working fine. But I don't have FqdnRefresh FAILED. :S
04-27-2017 05:40 AM - edited 04-27-2017 11:45 AM
Not sure if it is possible to give the firewall a data plane reboot or a whole box reboot. To me, it is a software issue, maybe some process stuck or crashed at some point; otherwise I do not have any other thoughts. I know it is not an ideal scenario, but if possible give it a go. Then as a next step please get in touch with TAC and see what they suggest.
05-23-2017 11:47 AM
I have the exact same issue since upgrading to Panorama 8.0.2; it causes my firewalls, no matter the model or OS, to go to FQDN fail after a commit. I have an open TAC case but have not found a fix. We do have a workaround as follows:
The only way to get it to work is to restart the device-server, then do a force commit and then do an FQDN force refresh.
pa5020-a(active)> debug software restart process device-server
pa5020-a(active)> configure
Entering configuration mode
[edit]
pa5020-a(active)# commit force
pa5020-a(active)# exit
Exiting configuration mode
pa5020-a(active)> request system fqdn refresh force yes