Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Fabio_Bucci1
Explorer

Domain object not-FQDN

Hi all,

It seems domain objects not-FQDN still not working in R80.10 management. I performed only management server migration and my gateways are still R77.30 (I'm not able to use FQDN domain objects indeed).

Anybody is facing the same issue?

Thanks,

Fabio

3 Replies
Kaspars_Zibarts
Employee Employee
Employee

Can you provide a little bit more detail of what exactly is not working? Remember since gateways are R77 then you may only use old school domain object that uses reverse lookup, stops acceleration and only will apply one IP address in case it resolves to many IPs. That's by design.

Fabio_Bucci1
Explorer

Hi Kaspars,

I need a policy that should match against a sub-domain object (for example mail.example.com, mail2.example.com, smtp.example.com) and for this reason I created a domain object as ".example.com" (non-FDQN object) following the official guide. Further, it's not reported in order to work it properly also security gateway must be R80 version. 

Domain Objects in R80.10 and above (Non-FQDN Mode section)

Traffic is dropped and don't match that rule.

Bye

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

You might want to check this SK Rules containing domain objects bypassed in rulebase  or this How do Domain Objects work? 

It most likely covers your scenario for pre R80.10 domain objects

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events