Prisma Access - DNS resolution failures for Mobile Users
Incident Report for Palo Alto Networks Cloud Services
Resolved
This incident has been resolved.
Posted Oct 22, 2020 - 17:45 UTC
Monitoring
The fix has been implemented for all the impacted customers. We are monitoring the results. If the users are experiencing any connectivity issues, please reconnect the GlobalProtect Agent to restore connectivity.
Posted Aug 31, 2020 - 19:43 UTC
Update
The fix is being rolled out to the service in batches. Please apply the workaround, and request the users to reconnect their Global Protect agent.
Posted Aug 31, 2020 - 09:04 UTC
Update
The fix is being validated. Once validated it will be rolled out to the service, no further action is required from the customer.
Posted Aug 31, 2020 - 08:03 UTC
Update
We are continuing to work on a fix for this issue.
Posted Aug 31, 2020 - 08:00 UTC
Identified
Issue Description: Change in the DNS server IP address on Mobile User endpoints (GlobalProtect Clients) causing DNS resolution failures

This issue was introduced as a part of the 1.7 rollouts, and the fix is being validated. Once validated it will be rolled out to the service, no further action is required from the customer.

In the meantime, if you are impacted please follow the workaround listed below;
Workaround:
Please review Prisma Access security policy to allow DNS traffic from the infrastructure subnet to your internal DNS infrastructure.
Please review your on-prem security policy at the data center to verify that all DNS traffic(UDP/TCP port 53) sourced from the Prisma Access infrastructure subnet is allowed into your network and have access to the internal DNS services.
If only a part of the infrastructure subnet or selected IP addresses are allowed then you must take an action to allow the entire infrastructure subnet to have access to your DNS infrastructure.
Please add the Prisma Access infrastructure subnet to the DNS infrastructure allow-lists where applicable.
Ref : https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/get-started-with-prisma-access-overview
Posted Aug 31, 2020 - 05:24 UTC
This incident affected: Prisma Access (Americas-Argentina, Americas-Bolivia, Americas-Brazil Central, Americas-Brazil East, Americas-Brazil South, Americas-Canada Central, Americas-Canada East, Americas-Canada West, Americas-Chile, Americas-Colombia, Americas-Costa Rica, Americas-Ecuador, Americas-Mexico Central, Americas-Mexico West, Americas-Panama, Americas-Paraguay, Americas-Peru, Americas-US Central, Americas-US East, Americas-US Northeast, Americas-US Northwest, Americas-US South, Americas-US Southeast, Americas-US Southwest, Americas-US West, Americas-Venezuela, APAC-Australia East, APAC-Australia South, APAC-Australia Southeast, APAC-Bangladesh, APAC-Cambodia, APAC-Hong Kong, APAC-India North, APAC-India South, APAC-India West, APAC-Indonesia, APAC-Japan Central, APAC-Japan South, APAC-Malaysia, APAC-Myanmar, APAC-New Zealand, APAC-Pakistan South, APAC-Pakistan West, APAC-Papua New Guinea, APAC-Philippines, APAC-Singapore, APAC-South Korea, APAC-Taiwan, APAC-Thailand, APAC-Vietnam, EMEA-Andorra, EMEA-Austria, EMEA-Belarus, EMEA-Belgium, EMEA-Bulgaria, EMEA-Croatia, EMEA-Czech Republic, EMEA-Denmark, EMEA-Finland, EMEA-France North, EMEA-France South, EMEA-Germany Central, EMEA-Germany North, EMEA-Germany South, EMEA-Greece, EMEA-Hungary, EMEA-Ireland, EMEA-Italy, EMEA-Liechtenstein, EMEA-Lithuania, EMEA-Luxembourg, EMEA-Moldova, EMEA-Monaco, EMEA-Netherlands Central, EMEA-Netherlands South, EMEA-Norway, EMEA-Poland, EMEA-Portugal, EMEA-Romania, EMEA-Russia Central, EMEA-Russia Northwest, EMEA-Slovakia, EMEA-Slovenia, EMEA-Spain Central, EMEA-Spain East, EMEA-Sweden, EMEA-Switzerland, EMEA-UK, EMEA-Ukraine, EMEA-Uzbekistan, EMEA-Kenya, EMEA-Nigeria, EMEA-South Africa Central, EMEA-South Africa West, EMEA-Egypt, EMEA-Israel, EMEA-Jordan, EMEA-Kuwait, EMEA-Saudi Arabia, EMEA-Turkey, EMEA-United Arab Emirates, Americas-Brazil South (Location on-boarded prior to version 1.4), Americas-Canada East (Location on-boarded prior to version 1.4), Americas-US Central (Location on-boarded prior to version 1.4), Americas-US East (Location on-boarded prior to version 1.4), Americas-US Northwest (Location on-boarded prior to version 1.4), Americas-US West (Location on-boarded prior to version 1.4), APAC-Australia Southeast (Location on-boarded prior to version 1.4), APAC-India West (Location on-boarded prior to version 1.4), APAC-Japan Central (Location on-boarded prior to version 1.4), APAC-Singapore (Location on-boarded prior to version 1.4), APAC-South Korea (Location on-boarded prior to version 1.4), EMEA-France North (Location on-boarded prior to version 1.4), EMEA-Germany Central (Location on-boarded prior to version 1.4), EMEA-Ireland (Location on-boarded prior to version 1.4), EMEA-UK (Location on-boarded prior to version 1.4)).