LIVEcommunity - Issue With DNS Suffix - LIVEcommunity

karthikeyanB · 4 weeks ago

Dear Team,

The challenge was that we need to do commit with wildcard in dns suffix ie. *.xyz.com but it failed ( PAN OS 9.1.7).

For workaround we have removed wildcard.

You seen in other firewall with panos 9.1.5 its having dns suffix with wildcard. For resolving dns suffix issue with wildcard,

After upgrading to panos from 9.1.5 to 9.1.7 why wildcard not taking in dns suffix.

Regards

Karthikeyan Balamurugan

NikolayDimitrov · 4 weeks ago

In GUI and system log is it written why the commit fails? In the CLI also check the managment plane ms.log and devsrv.log.

MickBall · 4 weeks ago

where exactly are you adding the wildcard suffix?

karthikeyanB · 4 weeks ago

We have added *(Star Symbol) i.e *.abc.com

in 9.1.5 its working ie *.abc.com

But in 9.1.7 *.abc.com is not working so we have changed to abc.com and we commit the changes then its works

karthikeyanB · 4 weeks ago

After removing * symbol its works

karthikeyanB · 4 weeks ago

This is we actually configured

Exclude Access Routes      :     
	DNS Servers                :      172.25.225.15
	DNS Suffix                 :     *.ibm.com abc.com xyz.com 123.com 
	config name                :  GW_Twitter_WFH
	User Groups                :     cn=palo_ssl_vpn_twitter,ou=groups,ou=special,ou=gps_bangalore_mtp,

MickBall · 4 weeks ago

are you adding this to a GP gateway\agent\network services.

could you post the cli command that you are using for this. or is it done via GUI.

karthikeyanB · 4 weeks ago

yup, the configuration done by GUI only

MickBall · 4 weeks ago

OK but where in the GUI

karthikeyanB · 4 weeks ago

Network Security

Cloud Security

Security Operations

Issue With DNS Suffix

Show your appreciation!