10-29-2025 12:42 PM
Hi Team,
Today I created a new RN-SPN in one of the US location and I see the Service Endpoint Address is being displayed with the FQDN.
Have created multiple nodes before and never saw an FQDN and it use to be IP address always.
Just wanted to confirm if this is something which is new and will the IP address the FQDN resolving now will be static or will it change frequently?
10-31-2025 04:49 AM - edited 10-31-2025 08:45 AM
I suggest seeing Prisma Access SASE Extra Security Tips and Features | Palo Alto Networks point 8. Now there is Network LB infront of the MU-SPN and I suspect the same is for RN-SPN as when there is auto scale event the LB will have more SPN added. If this changes often it could depend on AWS or GCP as Prisma Access uses those and their Network LB. Is the FQDN aws or gcp one maybe that will give a clue as if not then Prisma uses AWS Route 53 or the GCP similar service and not the native FQDN given to a Network LB ?
Also if it was an IP address then as mentioned in Get Notifications When Prisma Access IP Addresses Change you needed to monitor when there is a change as there is no predefined window like every 6 months etc while with DNS this seems much simpler and it is mentioned in Remote Networks: Service Endpoint Address and Egress IP Address Allocation you can either get ip (probably legacy) or FQDN.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
