topic have a sinking feeling that wildcard fqdn's are not supported...? in General Topics https://community.checkpoint.com/t5/General-Topics/have-a-sinking-feeling-that-wildcard-fqdn-s-are-not-supported/m-p/29719#M6072 <HTML><HEAD></HEAD><BODY><P>looking to add the fqdn's for Office 365 but I have this sinking feeling this checkpoint firewall does not support wildcard fqdn's. It seems to do a reverse lookup on the IP that has no hope of working most of the time.</P><P></P><P>Also even for normal FQDN's it doesn't always work unless I have the firewall pointing to the same DNS server as the clients. I would of thought the firewall sees all dns requests as they pass through the firewall and the corresponding IP's returned to add to the rule set.</P><P></P><P>Then even when I use the same DNS servers sometimes on a basic FQDN, there are issues for those FQDN's with low TTLs. Does it not cache older DNS results to ensure the dns ttl window is not an issue?</P></BODY></HTML> Wed, 26 Sep 2018 17:48:35 GMT Bob_Bobson 2018-09-26T17:48:35Z have a sinking feeling that wildcard fqdn's are not supported...? https://community.checkpoint.com/t5/General-Topics/have-a-sinking-feeling-that-wildcard-fqdn-s-are-not-supported/m-p/29719#M6072 <HTML><HEAD></HEAD><BODY><P>looking to add the fqdn's for Office 365 but I have this sinking feeling this checkpoint firewall does not support wildcard fqdn's. It seems to do a reverse lookup on the IP that has no hope of working most of the time.</P><P></P><P>Also even for normal FQDN's it doesn't always work unless I have the firewall pointing to the same DNS server as the clients. I would of thought the firewall sees all dns requests as they pass through the firewall and the corresponding IP's returned to add to the rule set.</P><P></P><P>Then even when I use the same DNS servers sometimes on a basic FQDN, there are issues for those FQDN's with low TTLs. Does it not cache older DNS results to ensure the dns ttl window is not an issue?</P></BODY></HTML> Wed, 26 Sep 2018 17:48:35 GMT https://community.checkpoint.com/t5/General-Topics/have-a-sinking-feeling-that-wildcard-fqdn-s-are-not-supported/m-p/29719#M6072 Bob_Bobson 2018-09-26T17:48:35Z Re: have a sinking feeling that wildcard fqdn's are not supported...? https://community.checkpoint.com/t5/General-Topics/have-a-sinking-feeling-that-wildcard-fqdn-s-are-not-supported/m-p/29720#M6073 <HTML><HEAD></HEAD><BODY><P>A better way to do this is with the Office 365 updatable objects available with R80.20, which was just released yesterday.</P></BODY></HTML> Thu, 27 Sep 2018 17:46:50 GMT https://community.checkpoint.com/t5/General-Topics/have-a-sinking-feeling-that-wildcard-fqdn-s-are-not-supported/m-p/29720#M6073 PhoneBoy 2018-09-27T17:46:50Z