https://community.checkpoint.com/t5/General-Topics/FQDN-destination-natively-supported-R80/m-p/163659#M27352 <P>We're using Domain Objects since couple of years without a problem (we have ~500 objects). Just pay attention that in some cases (like 1 in 100 or 1000) there might be a situation that your client would resolve the domain to IP address 1.2.3.4 while the CheckPoint GW would resolve that same domain to 1.3.4.2 IP address . To be honest, we never encountered that, or at leas I was not aware in those couple of years we're using it....</P> <P>So in order not to face that, make sure that the DNS servers used by your clients, will be same as your CheckPoint Gateways, like some internal DNS servers....</P> <P>&nbsp;</P> <P>One other thing, the object definition has an option to perform reverse DNS in order to assure that the IP resolves to the domain and vice-versa, still with cloud these days, the revers does not match.... so pay attention to that part.</P> <P>&nbsp;</P> <P>Thank you,</P> Wed, 30 Nov 2022 07:00:38 GMT Sorin_Gogean 2022-11-30T07:00:38Z https://community.checkpoint.com/t5/General-Topics/FQDN-destination-natively-supported-R80/m-p/163624#M27333 <P>We have a number of outbound Internet rules that we have to update regularly due to the destination IP changing:</P><P>Ie: URL thiswebsite.com was 1.2.3.4 and then the remote site IP changed to 7.8.9.10</P><P>Which means we have go update the thiswebsite.com firewall object that we have.</P><P>Is URL/FQDN natively supported/permitted without a license in R80+?</P><P>meaning - I can create a URL object call thiswebsite.com and when the IP changes at the remote side I have no need to update my rule(s)?</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 29 Nov 2022 23:07:27 GMT https://community.checkpoint.com/t5/General-Topics/FQDN-destination-natively-supported-R80/m-p/163624#M27333 JaySon_2021 2022-11-29T23:07:27Z https://community.checkpoint.com/t5/General-Topics/FQDN-destination-natively-supported-R80/m-p/163645#M27348 <P>Yes, they are called Domain objects.<BR />See&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk120633&amp;partition=Basic&amp;product=Quantum" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk120633&amp;partition=Basic&amp;product=Quantum</A><BR />Domain Objects are supported with the basic firewall license.</P> Wed, 30 Nov 2022 02:30:35 GMT https://community.checkpoint.com/t5/General-Topics/FQDN-destination-natively-supported-R80/m-p/163645#M27348 PhoneBoy 2022-11-30T02:30:35Z https://community.checkpoint.com/t5/General-Topics/FQDN-destination-natively-supported-R80/m-p/163650#M27351 <P>Phoneboy said it right, you just need basic license to use domain objects, no need for anything special.</P> Wed, 30 Nov 2022 02:54:12 GMT https://community.checkpoint.com/t5/General-Topics/FQDN-destination-natively-supported-R80/m-p/163650#M27351 the_rock 2022-11-30T02:54:12Z https://community.checkpoint.com/t5/General-Topics/FQDN-destination-natively-supported-R80/m-p/163659#M27352 <P>We're using Domain Objects since couple of years without a problem (we have ~500 objects). Just pay attention that in some cases (like 1 in 100 or 1000) there might be a situation that your client would resolve the domain to IP address 1.2.3.4 while the CheckPoint GW would resolve that same domain to 1.3.4.2 IP address . To be honest, we never encountered that, or at leas I was not aware in those couple of years we're using it....</P> <P>So in order not to face that, make sure that the DNS servers used by your clients, will be same as your CheckPoint Gateways, like some internal DNS servers....</P> <P>&nbsp;</P> <P>One other thing, the object definition has an option to perform reverse DNS in order to assure that the IP resolves to the domain and vice-versa, still with cloud these days, the revers does not match.... so pay attention to that part.</P> <P>&nbsp;</P> <P>Thank you,</P> Wed, 30 Nov 2022 07:00:38 GMT https://community.checkpoint.com/t5/General-Topics/FQDN-destination-natively-supported-R80/m-p/163659#M27352 Sorin_Gogean 2022-11-30T07:00:38Z https://community.checkpoint.com/t5/General-Topics/FQDN-destination-natively-supported-R80/m-p/163765#M27371 <P>Even in the 90s, Reverse DNS didn't always match up very well <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 30 Nov 2022 18:37:29 GMT https://community.checkpoint.com/t5/General-Topics/FQDN-destination-natively-supported-R80/m-p/163765#M27371 PhoneBoy 2022-11-30T18:37:29Z