Unable to ping any hostnames from the firewall management interface

Unable to ping any hostnames from the firewall management interface

1166
Created On 09/29/22 06:34 AM - Last Modified 07/12/25 02:28 AM


Symptom


  • Multiple comma separated domains are configured under Device > Setup > Management > General Settings > Domain >
  • After upgrading the HA firewall PAN-OS to 10.1.6, ping to any hostnames from the management interface of one firewall stops working.
admin@BLR-PA-1(active-primary)> ping host updates.paloaltonetworks.com
ping: unknown host updates.paloaltonetworks.com
  • The firewall doesn't generate any DNS requests to both external and internal DNS server even when they are reachable. Traffic is not initiated from the management address.
  • "Failed to resolve host" messages are seen in the system log (show log system)



              
Environment

  • Palo Alto Firewalls
  • PAN-OS  10.1.6



              
Cause

  • In the older PAN-OS versions the domain names are not validated.
  • Starting PAN-OS 10.1.6, the domain name is getting validated by Sysdagent.



              
Resolution

Use only one domain under GUI: Device > Setup  > Management > General Settings > Domain >



              
Additional Information

If using multiple domains use space between domains instead of "comma"



        
       
      





      

        
        
        

    

    

    

      

        
Other users also viewed:

        

             

               
              

        

    

        

        
        

          
Actions

          
    
           
            
            
            
  • 
                Print
            
    • 
            
  • 
            
    • 
            
  • 
              Copy Link
                
                
    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wlgKCAQ&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail
    
            
    •