For details on cookie usage on our site, read our Privacy Policy
Unable to resolve FQDN after upgrading PAN OS to 10.1.5 - " ping: unknown host FQDN"
- LIVEcommunity
- Discussions
- General Topics
- Unable to resolve FQDN after upgrading PAN OS to 10.1.5 - " ping: unknown host FQDN"
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-16-2022 04:38 AM
Hi Every one,
We have recently upgraded PA-820 to PA-OS 10.1.5. After that, we observed we cannot resolve any FQDN from the firewall.
*. We have verified the DNS setting Device>Setup>Services> Primary as 8.8.8.8 and local.
*. We have tested by changing the service route of DNS to LAN, WAN, and default and allowed complete access in policy still no use.
*. We have restarted MGMT server and DNS-Proxy process but still, no use getting errors as " ping: unknown host FQDN"
* Also observed it is working file in machines behind this firewall. Only unable to resolve from firewall CLI.
Can anyone please help me to address this issue.
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-13-2022 05:32 AM
Hi @OtakarKlier :
PA TAC Update is :
This behavior is observed on PAN 10.1.6.There is no target fix for this bug.
As the resolution is either remove the domain name (if not required) and if required then there should not be any space.
PAN-196841 will be fixed as with same configuration we observed that content and dynamic updates working fine on PAN OS 10.1.3.
The issue was due to invalid domain string name configured on the firewall under General setting>>Domain.
Device --> Setup --> Management --> General Settings --> Domain -->
+We removed the domain and issue got fixed.
Recently there was a fix added to validate all hostname/domain name strings from sysdagent. Hence quite possible that this string was accepted in earlier versions
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-16-2022 09:44 AM
you're not alone on this one i am running 10.1.5. i have been dealing with this issue for the past week or so. I am looking at upgrading to 10.1.6 since it was recently approved as the preferred release. my set up is pretty simple it's only a palo 440 trunked to a cisco 2960xr. i have thrown just about everything at it and still no luck.
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-16-2022 10:09 AM
Hello,
Looks like 10.1.6 is the prefered release. I'm running it and have not seen the issue you are describing.
Regards,
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-16-2022 10:14 AM
@JuanRodriguezIT and @OtakarKlier : Thanks for your reply. Is there any other workaround except the PAN-OS upgrade?
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-16-2022 11:25 AM
if you don't want to upgrade i would go back to the previous version. i am looking at upgrading to 10.1.6 but obviously needs to be done after hours. @OtakarKlier mentioned he has no issues so I am hoping that will fix my issue because as i mentioned I've hit this thing from all angles except downgrading or upgrading 😞
- GlobalProtect Upgrade Settings in GlobalProtect Discussions
- Not recognizing standard ports like smtp. Instead showing as Not-Applicable and blocking in General Topics
- Panorama push errors None after upgrade in General Topics
- Advanced threat protection_Deep Learning in Next-Generation Firewall Discussions
- DNS resolution for management interface not working after upgrade to 10.2.3 in Next-Generation Firewall Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
