The FQDN option uses forward DNS lookups (DNS name to IP mapping)
As there is no way to do a forward lookup of a wildcard, you must list the explicit FQDNs.
This option is SecureXL friendly and supported in R80.10+ gateways.
Unchecking the FQDN option will use reverse DNS lookups (IP to DNS name mapping), which will work with all versions.
However, this option often produces inaccurate results as many sites use IPs that do not map to the expected DNS names.
Just as an example:
dwelch@host:~$ nslookup google.com
dwelch@host:~$ nslookup 184.108.40.206
220.127.116.11.in-addr.arpa name = lax28s15-in-f14.1e100.net.
Authoritative answers can be found from: