FQDN jobs FAILED

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

FQDN jobs FAILED

Hi,

 

We have added several FQDN objects and its not working. If we run

 

update.symantec.com (Objectname update.symantec.com):

Not resolved

us.archive.ubuntu.com (Objectname us.archive.ubuntu.com):

Not used

xxxxxxx (Objectname HOST_xxxx13):

Not resolved

 

2017/04/25 13:35:54 29960 FqdnRefresh FIN FAIL 13:36:04
2017/04/25 13:31:44 29959 FqdnRefresh FIN FAIL 13:31:53
2017/04/25 13:30:32 29958 WildFire FIN OK 13:30:34
2017/04/25 13:30:25 29957 Install FIN OK 13:30:32
2017/04/25 13:30:23 29956 Downld FIN OK 13:30:25
2017/04/25 13:24:28 29954 FqdnRefresh FIN FAIL 13:24:39
2017/04/25 13:15:33 29953 WildFire FIN OK 13:15:37
2017/04/25 13:15:25 29952 Install FIN OK 13:15:33

 

Why PA is getting errors in FQDN jobs?? we dont see any details or info. We can reach DNS servers and everything.

 

 

show jobs id 29959

Enqueued ID Type Status Result Completed

2017/04/25 13:31:44 29959 FqdnRefresh FIN FAIL 13:31:53
Warnings:
Details:

19 REPLIES 19

I doubt TAC will touch a 7.0.6 install. the first thing they're going to recommend is upgrading to a newer version like 7.0.15, whether it's a known issue or not.

--
CCNA Security, PCNSE7

L6 Presenter

I believe it is still supported release as per EOL notes so they should investigate this properly unless we are missing something simple;0

 

 

I replicated same PanOS and host FQDN in my lab and its working fine. But i dont have FQDNrefresh FAILED. :S

Not sure it is possible to give a firewall data plane reboot or whole box reboot. To me, it is a software issue,  maybe some process stuck/crash at some point otherwise l do not have any other thoughts. I know it is not an ideal scenario but if possible give a go.  Then as a next step please get in touch with TAC and see what they will suggest. 

I have the exact same issue since upgrading to Panorama 8.0.2 it causes my firewalls no matter the model or OS to go to FQDN fail after a commit. I have an open TAC case but have not found a fix. We do have a work around as follows:

 

The only way to get it to work is to restart the the device-server, then do a force commit and then do a fqdn force refresh. 

pa5020-a(active)> debug software restart process device-server
pa5020-a(active)> configure
Entering configuration mode
[edit]
pa5020-a(active)# commit force
pa5020-a(active)# exit
Exiting configuration mode
pa5020-a(active)> request system fqdn refresh force yes

  • 7429 Views
  • 19 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!