When configuring DNS Proxy Object on Panorama commit fails with error "server-profile is invalid"

When configuring DNS Proxy Object on Panorama commit fails with error "server-profile is invalid"

8600
Created On 05/30/22 23:46 PM - Last Modified 10/21/24 19:29 PM


Symptom


  • Configure DNS proxy object on Panorama
  • Select the DNS Server profile
  • Commit and Push to Firewalls fail with error similar to "server-profile is invalid" and 'DNS Server Profile' is not a valid reference
Validation Error:
dns-proxy -> DNSProxy -> server-profile 'DNS Server Profile' is not a valid reference
dns-proxy -> DNSProxy -> server-profile is invalid
No DNS default obj found
(Module: dnsproxyd)
client dnsproxyd phase 1 failure
Commit failed

 

 

Environment


  • Palo Alto Networks Firewall and Panorama
  • Supported PAN-OS
  • DNS Proxy Objects
  • Multiple virtual systems

Cause


Multi Vsys is not enabled on the Firewall.

Resolution


  1. Enable the multi-vsys option on the Firewall  (Step 1 of Configure Virtual System )
  2. For the Firewalls that does not support "multi-vsys, select the location as "Shared"
  3. For the Firewalls supporting multi-vsys enable the multi-vsys option and select the correct vsys
  4. Commit should work without issue

Example:

DNS proxy object with vsys1 as a Location  
         dns1.png

DNS proxy object with Shared Location         
     dns2.png

Additional Information


 


 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000Cpn9CAC&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language