You are prompted that, if you have the legacy Dynamic DNS support enabled,
enabling the updated support permanently disables the legacy support. Click
OK
to continue.
Configure the
Dynamic DNS
settings.
Select
Enable Dynamic DNS Support
.
Select the
Domain Type
.
Ddns Fallback
—The domain used for the
nsupdate events falls back to the domain you specify in the
Domain Name
area. Use this choice if
the GlobalProtect clients are not joined to any domain, or if
they are domain-joined to the same domain that the DDNS service
uses to update the records on the DNS server.
If you select
Ddns Fallback
and users who are
not connected to a domain log into GlobalProtect, their
information is added under the Ddns Fallback zone that's
created on the DNS server.
If GlobalProtect clients
that are logging in to GlobalProtect belong to an unexpected
domain that isn't configured on the DNS server, nsupdate
might fail; in this case; select
Ddns
Override
to override the unknown domain with
the domain that is known to the DNS server.
Ddns Override
—
Prisma Access
uses only
the domain you specify to update the DNS server and overrides
all other domains. If GlobalProtect clients log in to another
domain, the DDNS service uses the domain you specify here to
update the DNS A and PTR records.
Select the domain that is used to update the PTR records for either
fallback or Domain Names in the
Domain Name
field.
Select the
DNS Server IP
address.
Select the
Authentication Type
(either
TSIG
or
Kerberos
).
(
TSIG Deployments Only
) Select the
TSIG
Key
to use with TSIG.
Make sure
that the TSIG file is in the correct format and has a filetype of .key.
The TSIG
file should be in the following format: