Enable DDNS for Mobile Users—GlobalProtect

Enable Dynamic DNS updates for your Mobile Users—GlobalProtect deployment.
Where Can I Use This? | What Do I Need?
  • Prisma Access (Managed by Panorama)
To update your DNS server with the A and PTR records of your GlobalProtect mobile users, complete the following steps.
  1. Create an authentication key in your DNS server.
    This example uses Infoblox as the DNS server.
    1. Log in to your DNS server.
    2. Select Data Management > DNS > Grid DNS Properties > Updates.
    3. Allow updates from Set of ACEs.
    4. Add a TSIG key after filling in the details.
      • Select the 256 key algorithm.
      • Generate Key Data to create a new key. Select the 256 key data.
    5. Copy the key data to a file in the following format and save the file with a .key extension.
      key "ddns-gp" { algorithm hmac-sha256; secret "wCJKVYUtQt644eVOWnowgw=="; };
      You upload this key to the Prisma Access Cloud Services plugin in a later step.
  2. In your Prisma Access deployment, specify your DNS server as the primary DNS server.
    1. Select Panorama > Setup > Services.
    2. Edit the settings and update the primary DNS server details.
  3. Configure the DDNS settings.
    1. Select Panorama > Cloud Services > Configuration > Service Setup.
    2. Select Service Operations > Dynamic DNS Configuration and Enable DDNS.
    3. (Optional) Set TTL, the time-to-live value, to the frequency at which you want Prisma Access to refresh the FQDN in its cache.
      The value is set to 9 hours by default.
    4. Upload the DDNS authentication key that you created in Step 1 from your DNS server.
  4. Commit to Panorama.
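
Before uploading the key file from step 1.5, it helps to confirm that it parses, names the expected algorithm, and carries a cleanly decodable secret. The Python below is an added example, not code from the Prisma Access or Infoblox documentation. The function name check_tsig_key is hypothetical, and the secret-length check follows the HMAC guidance in RFC 2104 as this example's own choice, not a documented Prisma Access requirement.

```python
import base64
import binascii
import re

# Digest sizes (bytes) of HMAC algorithms that can appear in a BIND-style key statement.
DIGEST_BYTES = {"hmac-sha1": 20, "hmac-sha224": 28, "hmac-sha256": 32,
                "hmac-sha384": 48, "hmac-sha512": 64}

# One statement in the layout shown in step 1.5 of the procedure.
KEY_RE = re.compile(
    r'^\s*key\s+"(?P<name>[^"\s]+)"\s*\{\s*'
    r'algorithm\s+(?P<alg>[A-Za-z0-9-]+)\s*;\s*'
    r'secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;\s*$'
)

def check_tsig_key(text, expected_alg="hmac-sha256"):
    """Return (info, problems). The secret itself is never returned or logged."""
    m = KEY_RE.match(text)
    if not m:
        return None, ['expected: key "<name>" { algorithm <alg>; secret "<base64>"; };']
    alg = m["alg"].lower()
    info = {"name": m["name"], "algorithm": alg, "secret_bytes": None}
    problems = []
    if alg != expected_alg:
        problems.append(f"algorithm is {alg}, expected {expected_alg}")
    try:
        # validate=True rejects stray characters and broken padding from copy/paste.
        raw = base64.b64decode(m["secret"], validate=True)
    except (binascii.Error, ValueError):
        return info, problems + ["secret is not valid base64"]
    info["secret_bytes"] = len(raw)
    need = DIGEST_BYTES.get(alg)
    # RFC 2104 discourages HMAC keys shorter than the hash output length.
    if need is not None and len(raw) < need:
        problems.append(f"secret is {len(raw)} bytes, shorter than the {need}-byte {alg} output")
    return info, problems

# Key statement exactly as printed in step 1.5 of this page.
PAGE_EXAMPLE = 'key "ddns-gp" { algorithm hmac-sha256; secret "wCJKVYUtQt644eVOWnowgw=="; };'
# Constructed sample: 32 predictable bytes, for illustration only (never use as a real key).
CONSTRUCTED_32 = 'key "ddns-gp" { algorithm hmac-sha256; secret "%s"; };' % (
    base64.b64encode(bytes(range(32))).decode())
# Constructed sample: the page's secret with its "==" padding lost in a copy/paste.
CONSTRUCTED_BAD = PAGE_EXAMPLE.replace("==", "")

if __name__ == "__main__":
    for label, text in [("page", PAGE_EXAMPLE), ("32-byte", CONSTRUCTED_32), ("bad", CONSTRUCTED_BAD)]:
        print(label, *check_tsig_key(text))
```

The sample secret printed in step 1.5 decodes to 16 bytes, so the checker reports it as shorter than the HMAC-SHA256 output. Generate your own key on the DNS server rather than reusing the documented value.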