Domain object not-FQDN

Fabio_Bucci1 · ‎2018-03-09

Hi all,

It seems domain objects not-FQDN still not working in R80.10 management. I performed only management server migration and my gateways are still R77.30 (I'm not able to use FQDN domain objects indeed).

Anybody is facing the same issue?

Thanks,

Fabio

Kaspars_Zibarts · ‎2018-03-09

Can you provide a little bit more detail of what exactly is not working? Remember since gateways are R77 then you may only use old school domain object that uses reverse lookup, stops acceleration and only will apply one IP address in case it resolves to many IPs. That's by design.

Fabio_Bucci1 · ‎2018-03-13

Hi Kaspars,

I need a policy that should match against a sub-domain object (for example mail.example.com, mail2.example.com, smtp.example.com) and for this reason I created a domain object as ".example.com" (non-FDQN object) following the official guide. Further, it's not reported in order to work it properly also security gateway must be R80 version.

Domain Objects in R80.10 and above (Non-FQDN Mode section)

Traffic is dropped and don't match that rule.

Bye

Kaspars_Zibarts · ‎2018-03-13

You might want to check this SK Rules containing domain objects bypassed in rulebase or this How do Domain Objects work?

It most likely covers your scenario for pre R80.10 domain objects

Are you a member of CheckMates?

Domain object not-FQDN