RADIUS Authentication Failing with FQDN in Server Profile
Created On 04/25/20 00:28 AM - Last Modified 04/28/20 17:36 PM
Symptom
RADIUS authentication fails when an FQDN is specified in the server profile. It works after a "commit force" or when an IP address is specified instead.
Cause
In PAN-OS 8.1 and earlier, when an FQDN is specified in place of the RADIUS server IP, the name is actually resolved only during "autocommit" (usually at system boot) or "commit force."
Resolution
Because the resolution happens neither "on the fly" nor during a normal "commit," various situations can lead to unexpected failures to reach the server, such as:
- DNS resolution failed during system bootup, and the system does not subsequently resolve the IP until "commit force"
- The RADIUS server was re-addressed and DNS was properly updated, but the system keeps using the OLD IP until "commit force"
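
The two situations listed above can be told apart from a monitoring host by comparing the address the firewall has held since its last resolution with what DNS returns now. The following is an added example, not code from this article or from Palo Alto Networks. It assumes the operator has recorded the held address out of band (this page gives no command for reading it) and that the host sees the same DNS view as the firewall; the host names and addresses are constructed.

```python
import ipaddress
import socket


def resolve(fqdn):
    """Addresses DNS returns for fqdn right now; empty set if the lookup fails."""
    try:
        infos = socket.getaddrinfo(fqdn, None, type=socket.SOCK_DGRAM)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}


def classify(fqdn, pinned_ip, resolver=resolve):
    """Compare the address held since the last resolution with live DNS.

    pinned_ip: address the firewall resolved at its last autocommit or
    "commit force", as recorded by the operator (assumption), or None if
    that lookup failed.
    """
    current = resolver(fqdn)
    if not current:
        return "DNS_FAILING"     # nothing to compare against from this host
    if pinned_ip is None:
        return "NEVER_RESOLVED"  # boot-time lookup failed, DNS answers now
    if ipaddress.ip_address(pinned_ip) in current:
        return "IN_SYNC"
    return "STALE"               # server re-addressed, old IP still in use


# Constructed sample data (documentation address ranges, hypothetical names).
SAMPLE_DNS = {
    "radius.example.com": {ipaddress.ip_address("198.51.100.20")},
    "radius-v6.example.com": {ipaddress.ip_address("2001:db8::20")},
}


def sample_resolver(fqdn):
    """Offline stand-in for resolve(), backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(fqdn, set())


if __name__ == "__main__":
    checks = [("radius.example.com", "198.51.100.20"),
              ("radius.example.com", "192.0.2.10"),
              ("radius.example.com", None),
              ("gone.example.com", "192.0.2.10")]
    for fqdn, pinned in checks:
        print(f"{fqdn:20} pinned={pinned!s:14} {classify(fqdn, pinned, sample_resolver)}")
```

A result of `NEVER_RESOLVED` or `STALE` corresponds to the first and second situation respectively, both of which the article says persist until "commit force."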
Additional Information
For more information, please review the following:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/dns/use-case-2-isp-tenant-uses-dns-proxy-to-handle-dns-resolution-for-security-policies-reporting-and-services-withi.html#