Advanced DNS Security

Verify the status of your firewall connectivity to the Advanced DNS Security cloud service.
Use the following CLI command on the firewall to view the connection status.
show ctd-agent status security-client 
For example:
show ctd-agent status security-client

...
Security Client ADNS(1)
        Current cloud server:   qa.adv-dns.service.paloaltonetworks.com:443
        Cloud connection:       connected
        Config:
                Number of gRPC connections: 2, Number of workers: 8
                Debug level: 2, Insecure connection: false, Cert valid: true, Key valid: true, CA count: 306
                Maximum number of workers: 12
                Maximum number of sessions a worker should process before reconnect: 10240
                Maximum number of messages per worker: 0
                Skip cert verify: false
        Grpc Connection Status:
                State Ready (3), last err rpc error: code = Unavailable desc = unexpected HTTP status code received from server: 502 (Bad Gateway); transport: received unexpected content-type "text/html"
                Pool state: Ready (2)
                     last update: 2024-01-24 11:15:00.549591469 -0800 PST m=+1197474.129493596
                     last connection retry: 2024-01-23 00:03:09.093756623 -0800 PST m=+1070762.673658768
                     last pool close: 2024-01-22 14:15:50.36062031 -0800 PST m=+1035523.940522446
Security Client AdnsTelemetry(2)
        Current cloud server:   io-qa.adv-dns.service.paloaltonetworks.com:443
        Cloud connection:       connected
        Config:
                Number of gRPC connections: 2, Number of workers: 8
                Debug level: 2, Insecure connection: false, Cert valid: true, Key valid: true, CA count: 306
                Maximum number of workers: 12
                Maximum number of sessions a worker should process before reconnect: 10240
                Maximum number of messages per worker: 0
                Skip cert verify: false
        Grpc Connection Status:
                State Ready (3), last err rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR
                Pool state: Ready (2)
                     last update: 2024-01-24 11:25:58.340198656 -0800 PST m=+1198131.920100772
                     last connection retry: 2024-01-23 00:03:36.78141425 -0800 PST m=+1070790.361316421
                     last pool close: 2024-01-22 14:24:26.954340157 -0800 PST m=+1036040.534242289
...
Verify that the cloud connection status for
Security Client AdnsTelemetry(2)
and
Security Client ADNS(1)
are showing active connections.
CLI output shortened for brevity.
If you are unable to connect to the Advanced DNS Security cloud service, verify that the Advanced DNS server is not being blocked: dns.service.paloaltonetworks.com.