This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Palo Alto unable to resolve its own static entries

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Palo Alto unable to resolve its own static entries

ciscojuniperf5
L1 Bithead

‎02-03-2025 01:14 PM

Palo Alto unable to resolve its own static entries

When I try ping host abc.com

it says ping : abc.com : System error

 

How do I fix this?

There is a static entry for abc.com on the palo alto

0 Likes Likes
7 REPLIES 7

mshekh
L4 Transporter

‎02-03-2025 08:29 PM

Hi @ciscojuniperf5 ,

 

Thanks for info however provided info is not enough to comment on resolution however please refer the below kb for more details related to configuration as it looks like some configuration issue.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFcCAK

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClLxCAK

 



Best Regards,
Mohammad Talib
0 Likes Likes

ciscojuniperf5
L1 Bithead

‎02-04-2025 03:30 AM

Hi @mshekh 

Those settings are same on a firewall where it is working and this firewall where it not working. I am confused now as to where is the issue.

0 Likes Likes

ciscojuniperf5
L1 Bithead

‎02-04-2025 03:33 AM

Its a PA-440 on version 11.2.4-h1

0 Likes Likes

mshekh
L4 Transporter

‎02-04-2025 05:16 PM

Hi @ciscojuniperf5 ,

 

Thanks for info, please open a support case and work with TAC team for further investigation if settings are correct.

 



Best Regards,
Mohammad Talib
0 Likes Likes

emr_1
L5 Sessionator
In response to ciscojuniperf5

‎02-04-2025 11:03 PM - edited ‎02-04-2025 11:08 PM

At least you need to take care of two locations.

 

One is DNS proxy as mentioned in previous post:

 

2025-02-05 15 58 40.png

 

Secondary, you need to configure to use dns proxy by system (pan device itself) as below:

 

2025-02-05 15 58 50.png

 

Here is my result:

====

admin@PA-455> ping host abcsampledomain.com  <<< Before configuring above two
ping: abcsampledomain.com: System error

admin@PA-455> show dns-proxy static-entries all

Name: dnsproxy
Static Entries: 2
Domain IP/Name Type Class TTL Hits Static
-----------------------------------------------------------------------------------------------------------------------------
4.3.2.1.in-addr.arpa abcsampledomain.com PTR IN 0 0 config
abcsampledomain.com 1.2.3.4 A IN 0 0 config


admin@PA-455> ping host abcsampledomain.com <<< After configuring above two
PING abcsampledomain.com (1.2.3.4) 56(84) bytes of data. <<< you can see IP address

====

 

0 Likes Likes

ciscojuniperf5
L1 Bithead
In response to emr_1

‎02-05-2025 04:33 AM

I have these configured similar on both working and non working firewall

0 Likes Likes

mshekh
L4 Transporter

‎02-06-2025 07:19 PM

Hi @ciscojuniperf5 ,

 

I will suggest you to open a tac case and work with Tac team to troubleshoot further.



Best Regards,
Mohammad Talib
0 Likes Likes
  • 571 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks