How to Change the FQDN Refresh Timers
Resolution
Overview
FQDN refresh timers are used to check the mapping between an IP address and a fully-qualified domain name.
By default, Palo Alto Networks devices perform this check every 30 minutes.
Details
The FQDN refresh timers can be configured from the CLI only, with the following commands:
> configure
# set deviceconfig system fqdn-refresh-time <1800-14399>
# commit
Beginning in PAN-OS 6.1, the fqdn-refresh time down can be reduced to 10 minutes, although the default refresh time would still be 30 minutes.
> configure
# set deviceconfig system fqdn-refresh-time <600-14399> (in seconds)
# commit
For example, while running PAN-OS 6.1, the following output shows that the refresh happened in ten minutes.
On all PAN-OS versions, the FQDN refresh time change can be verified with the show jobs all command. The following output example shows the FQDN refresh time set to 1 hour:
>show jobs all
Enqueued ID Type Status Result Completed
--------------------------------------------------------------------------
2013/05/13 15:49:16 11 FqdnRefresh FIN OK 15:49:16
2013/05/13 14:49:13 10 FqdnRefresh FIN OK 14:49:14
2013/05/13 13:49:10 9 FqdnRefresh FIN OK 13:49:11
owner: nayubi