PANOS 9.0 DDNS PPPoE

Reply
Highlighted
L2 Linker

PANOS 9.0 DDNS PPPoE

Hi.

 

Can anyone tell me if they have had any sucess using the DDNS feature in PAN OS v 9.0 when using a PPPoE connection.

The only option I have is DHCP and this throws an error when commiting the rule base to the firewall, looking at the runtime stats there is no ip information.

 

/M


Accepted Solutions
Highlighted
L2 Linker

It would appear that PPPoE interface connections are not supported for the DDNS configuration.
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/dynamic-dns-overview.html

View solution in original post


All Replies
Highlighted
L2 Linker

Hi,  I have got it to work. Make sure you have the correct cert from the DDNS provider. I public IP is provided by DHCP by my ISP. 

 

Darren

Tags (4)
Highlighted
L2 Linker

That seems to be the issue, I do not get an IP via DHCP from the interface directly when connecting to the CPE, I have to initiate a PPPOE connection which does not seem to pass the IP address back unless I have a configuration error somehwere.

 

Can you share some of your configuration, I have tried both NO-IP as well as DuckDNS

 

/M

Highlighted
L2 Linker

which part? 

 

I get the DHCP from my ISP or the DDNS config? 

 

D.

Highlighted
L2 Linker

I would be interested to know which DDNS provier you are using and the required certs, it would help with with a known workling config to ensure I have that setup correctly before I run down other rabbit holes.

 

Many Thanks

/M

Highlighted
L2 Linker

It would appear that PPPoE interface connections are not supported for the DDNS configuration.
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/dynamic-dns-overview.html

View solution in original post

Highlighted
L0 Member

This is unfortunate.  It would seem that it should be something that can technically be supported and other lesser FWs do support it.  A PPPoE assigned IP address basically a DHCP address with authentication.  This seems like it was intentionally decided to not support this configuration.

 

Another issue I've noticed is with Policy Based Forwarding.  If your Egress interface is assigned a dynamic IP (DHCP or PPPoE) then you can't select that as an next hop address.  You have to assign it a static address for the hop.  Lets just hope the ISP doesn't assign an new IP address with different next hop address for people in this situation.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!