Case 1: The client re-configured their new Windows DC and PA-850 Firewall. He can ping a public IP address, but not Full Qualify Domain Name
Troubleshooting: We run show deviceconfig system dns-setting config command to check the DNS settings, it shows 10.0.0.84 and 10.0.0.73, which are older DNS serer IP addresses. Replacing them with the new DNS IP addresses fixes the problem.
Case 2: The client just changes their IPS. They have a problem to access the Internet.
When the client checks the DNS settings on PA-850, it looks good.
Troubleshooting: In reviewing their configuration on PA-850, they still keep the old IPS IP address just in a case they need to switch back.
In this situation, we need to re-configure the DNS service on PA-850.
* Go to Device>Setup>Services
•Click Services Route Configuration under Services.
•Check Customize
•Click on DNS
* Select the new IPS IP Address which you are using, which x.x.x.124/28 in our example.
Now, you should be able to ping FQDN.
Tips: We can use these command lines to check the DNS status.
- Enable configuration mode
set cli config-output-format set
configure
2. Run these commands:
Show deviceconfig system dns-setting
Show deviceconfig
Show deviceconfig show session all filter application dns
Please view this step by step video: