Global Services Settings

To control and redirect DNS queries between shared and specific virtual systems, you can use a DNS proxy and a DNS Server profile.
Global Services Settings
Description
Services
DNS
Choose the type of DNS service: Server or DNS Proxy Object. This setting is used for all DNS queries that the firewall initiates in support of FQDN address objects, logging, and firewall management. Options include:
  • Primary and secondary DNS servers to provide domain name resolution.
  • A DNS proxy that has been configured on the firewall is an alternative to configuring DNS servers.
Primary DNS Server
Enter the IP address of the primary DNS server. The server is used for DNS queries from the firewall, for example, to find the update server, to resolve DNS entries in logs, or for FQDN-based address objects.
Secondary DNS Server
(Optional) Enter the IP address of a secondary DNS server to use if the primary server is unavailable.
Update Server
This setting represents the IP address or host name of the server used to download updates from Palo Alto Networks. The current value is updates.paloaltonetworks.com. Do not change the server name unless instructed by technical support.
Verify Update Server Identity
If this option is enabled, the firewall or Panorama will verify that the server from which the software or content package is downloaded has an SSL certificate signed by a trusted authority. This option adds a level of security for the communication between the firewall/Panorama server and the update server.
Proxy Server section
Server
If the firewall needs to use a proxy server to reach Palo Alto Networks update services, enter the IP address or host name of the server.
Port
Enter the port for the proxy server.
User
Enter the user name to access the server.
Password/Confirm Password
Enter and confirm the password for the user to access the proxy server.
NTP
NTP Server Address
Enter the IP address or hostname of an NTP server that you want to use to synchronize the firewall’s clock. Optionally, enter the IP address or hostname of a second NTP server for the firewall to synchronize with if the primary server becomes unavailable.
Authentication Type
You can enable the firewall to authenticate time updates from an NTP server. For each NTP server, select the type of authentication for the firewall to use:
  • None—(Default) Select this option to disable NTP Authentication.
  • Symmetric Key—Select this option for the firewall to use symmetric key exchange (shared secrets) to authenticate the NTP server’s time updates. If you select Symmetric Key, continue by entering the following fields:
    • Key ID—Enter the Key ID (1-65534).
    • Algorithm—Select the Algorithm to use in NTP authentication (MD5 or SHA1).
    • Authentication Key/Confirm Authentication Key—Enter and confirm the authentication algorithm’s authentication key.
  • Autokey—Select this option for the firewall to use autokey (public key cryptography) to authenticate the NTP server’s time updates.
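
The Symmetric Key option above, as an added example (not Palo Alto Networks code): it models the keyed-digest MAC used by NTP symmetric-key authentication, a 32-bit key ID followed by hash(key || header) as in RFC 5905 and the reference ntpd, and shows a receiver rejecting unsigned or altered time updates. The header contents, key ID 10, and key value are constructed, and extension fields are assumed absent.

```python
import hashlib
import hmac
import struct

# The two choices offered by the Algorithm field.
DIGESTS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}

def build_header(transmit_seconds):
    """Constructed 48-byte NTPv4 server reply (LI=0, VN=4, Mode=4, stratum 2)."""
    header = bytearray(48)
    header[0] = (0 << 6) | (4 << 3) | 4
    header[1] = 2
    struct.pack_into("!I", header, 40, transmit_seconds)  # transmit timestamp, seconds
    return bytes(header)

def sign(header, key_id, key, algorithm):
    """Server side: append the MAC, i.e. key ID plus hash(key || header)."""
    if not 1 <= key_id <= 65534:
        raise ValueError("Key ID must be in 1-65534")
    digest = DIGESTS[algorithm](key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet, keys):
    """Client side: accept only a packet whose MAC matches a configured key.

    keys maps key_id -> (algorithm, key), mirroring the per-server fields above.
    """
    header, mac = packet[:48], packet[48:]
    if len(mac) < 4:
        return False  # no MAC at all: unauthenticated time update
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in keys:
        return False  # signed with a key ID this client was not given
    algorithm, key = keys[key_id]
    expected = DIGESTS[algorithm](key + header).digest()
    return hmac.compare_digest(mac[4:], expected)  # constant-time comparison

# Constructed sample: one configured key and a signed server reply.
SAMPLE_KEYS = {10: ("SHA1", b"constructed-shared-secret")}
SAMPLE_PACKET = sign(build_header(3900000000), 10, SAMPLE_KEYS[10][1], "SHA1")
```

The Key ID, Algorithm, and Authentication Key must match on both ends; a mismatch in any of the three makes `verify` return False.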
