The fix has been implemented for all the impacted customers. We are monitoring the results. If the users are experiencing any connectivity issues, please reconnect the GlobalProtect Agent to restore connectivity.
Posted Aug 31, 2020 - 19:43 UTC
Update
The fix is being rolled out to the service in batches. Please apply the workaround, and request the users to reconnect their Global Protect agent.
Posted Aug 31, 2020 - 09:04 UTC
Update
The fix is being validated. Once validated it will be rolled out to the service, no further action is required from the customer.
Posted Aug 31, 2020 - 08:03 UTC
Update
We are continuing to work on a fix for this issue.
Posted Aug 31, 2020 - 08:00 UTC
Identified
Issue Description: Change in the DNS server IP address on Mobile User endpoints (GlobalProtect Clients) causing DNS resolution failures
This issue was introduced as a part of the 1.7 rollouts, and the fix is being validated. Once validated it will be rolled out to the service, no further action is required from the customer.
In the meantime, if you are impacted please follow the workaround listed below; Workaround: Please review Prisma Access security policy to allow DNS traffic from the infrastructure subnet to your internal DNS infrastructure. Please review your on-prem security policy at the data center to verify that all DNS traffic(UDP/TCP port 53) sourced from the Prisma Access infrastructure subnet is allowed into your network and have access to the internal DNS services. If only a part of the infrastructure subnet or selected IP addresses are allowed then you must take an action to allow the entire infrastructure subnet to have access to your DNS infrastructure. Please add the Prisma Access infrastructure subnet to the DNS infrastructure allow-lists where applicable. Ref : https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/get-started-with-prisma-access-overview