Error: "DNS Resolution failed for Cloud Secure Edge/License Manager"

Symptoms

When attempting to configure or connect a firewall to Cloud Secure Edge (CSE), the firewall connector displays the following error message:

"DNS Resolution failed for Cloud Secure Edge/License Manager. Check Network Settings."

Despite this error, verifying the local network settings and DNS servers on the firewall reveals no actual DNS connectivity issues.

Environment

• Product: Cloud Secure Edge (CSE) / Firewall Connector

• Condition: New CSE deployments or configurations created after late March (following the introduction of the Customer PoP Selection feature).

Cause

This is a known issue resulting from the PoP (Point of Presence) Selection feature.

Previously, CSE pre-provisioned PoPs automatically. With the new feature, customers must actively select and provision their desired PoPs. If a customer attempts to connect their firewall before provisioning any PoPs in the CSE portal, the connector attempts to resolve a PoP-specific endpoint that does not yet exist.

Because the PoP hasn't been provisioned, the endpoint is missing from the global DNS registry, causing the firewall to misinterpret the missing configuration as a local "DNS Resolution failure."

Real Root Cause: No PoPs have been provisioned in the CSE tenant.

Resolution

To resolve this issue, the administrator must select and provision their PoPs before establishing the firewall connection.

1. Log in to your Cloud Secure Edge (CSE) Management Portal.

2. Navigate to the PoP Management or Network Configuration section. For detailed step-by-step instructions, please refer to the CSE PoP Management Documentation.

3. Select and provision the desired Points of Presence (PoPs) for your deployment.

4. Allow a few minutes for the provisioning process to complete and for the new DNS records to propagate.

5. Return to the firewall interface and retry the CSE connection. The error should no longer appear.