Palo Alto Networks Knowledgebase: How to Change the FQDN Refresh Timers

How to Change the FQDN Refresh Timers

17089
Created On 02/07/19 23:56 PM - Last Updated 02/07/19 23:56 PM
Content Release Deployment
Resolution

Overview

FQDN refresh timers are used to check the mapping between an IP address and a fully-qualified domain name.

By default, Palo Alto Networks devices perform this check every 30 minutes.

Details

The FQDN refresh timers can be configured from the CLI only, with the following commands:

> configure

# set deviceconfig system fqdn-refresh-time <1800-14399>

# commit


Beginning in PAN-OS 6.1, the fqdn-refresh time down can be reduced to 10 minutes, although the default refresh time would still be 30 minutes.

> configure

# set deviceconfig system fqdn-refresh-time <600-14399> (in seconds)

# commit


For example, while running PAN-OS 6.1, the following output shows that the refresh happened in ten minutes.

Test.jpg

On all PAN-OS versions, the FQDN refresh time change can be verified with the show jobs all command. The following output example shows the FQDN refresh time set to 1 hour:

>show jobs all

Enqueued                     ID             Type    Status Result Completed

--------------------------------------------------------------------------

2013/05/13 15:49:16          11      FqdnRefresh       FIN     OK 15:49:16

2013/05/13 14:49:13          10      FqdnRefresh       FIN     OK 14:49:14

2013/05/13 13:49:10           9      FqdnRefresh       FIN     OK 13:49:11

owner: nayubi



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKbCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language