The FQDN option uses forward DNS lookups (DNS name to IP mapping)
As there is no way to do a forward lookup of a wildcard, you must list the explicit FQDNs.
This option is SecureXL friendly and supported in R80.10+ gateways.
Unchecking the FQDN option will use reverse DNS lookups (IP to DNS name mapping), which will work with all versions.
However, this option often produces inaccurate results as many sites use IPs that do not map to the expected DNS names.
Just as an example:
dwelch@host:~$ nslookup google.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 172.217.11.174
dwelch@host:~$ nslookup 172.217.11.174
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
174.11.217.172.in-addr.arpa name = lax28s15-in-f14.1e100.net.
Authoritative answers can be found from:
dwelch@kermit:~$