Mike_Lutgendorf
Participant

r80.10 FQDN allow rule not being picked up in DMZ zone.

TL;DR

Have rules for cylance.com being allowed on the application layer (All traffic regardless of zones.) However, the DMZ network is not seeing all their AWS instances as "cylance.com"

Okay fine I'll create a network rule (Seeing its traffic get blocked by last catch-all block/drop) for the DMZ to wildcard *.cylance.com <--- But you can't do that so I did .*\.cylance.com (FQDN domain object.)

Still nada. The odd thing is DMZ stuff isn't resolving their AWS addresses as standard traffic does.

Does anyone know where I've gone wrong?

 

Thanks in advance.


Accepted Solutions
Dima_M
Employee

Domain object has FQDN and non FQDN modes. Non FQDN mode enforces the domain and its sub-domains (Gateway performs reverse DNS lookup).

".cylance.com" in non FQDN mode should work for you.

4 Replies
PhoneBoy
Admin
You can’t do wildcards with FQDN objects.
A specific hostname must be used.
The fact the GUI allows what you specified could be viewed as a bug.
Mike_Lutgendorf
Participant

Gotcha, so I shouldn't be using the FQDN?

If I use a host it will resolve to one IP which for a smattering of AWS addresses doesn't help solve the issue. (Recommended by the vendor instead of saying them just providing a block)

 

Which is still a question as to why the addresses don't resolve for certain zones to begin with.

Dima_M
Employee

Domain object has FQDN and non FQDN modes. Non FQDN mode enforces the domain and its sub-domains (Gateway performs reverse DNS lookup).

".cylance.com" in non FQDN mode should work for you.

PhoneBoy
Admin
However, that assumes the reverse DNS of the relevant IPs resolves to something.cylance.com.
This has never been a fantastic assumption.
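The reverse-DNS caveat raised in the thread can be checked before relying on a non-FQDN domain object. The following is an added example, not part of the original posts and not Check Point code: it assumes the gateway's comparison is a label-boundary suffix match on the PTR name, and the function names, IP addresses and PTR names are all constructed for illustration.

```python
import socket

def ptr_in_domain(ptr_name, domain):
    """True if the PTR name is the domain itself or one of its sub-domains."""
    name = ptr_name.rstrip(".").lower()
    dom = domain.strip(".").lower()
    # Require a label boundary so "notcylance.com" does not pass as a sub-domain.
    return name == dom or name.endswith("." + dom)

def lookup_ptr(ip):
    """Live reverse lookup; returns None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None

def audit(ip_to_ptr, domain):
    """Classify each address as 'match', 'mismatch' or 'no-ptr'."""
    report = {}
    for ip, ptr in ip_to_ptr.items():
        if ptr is None:
            report[ip] = "no-ptr"
        elif ptr_in_domain(ptr, domain):
            report[ip] = "match"
        else:
            report[ip] = "mismatch"
    return report

# Constructed sample: documentation-range IPs with made-up PTR names.
SAMPLE = {
    "192.0.2.10": "api.cylance.com.",
    "198.51.100.7": "ec2-198-51-100-7.compute-1.amazonaws.com.",
    "203.0.113.5": None,
    "203.0.113.9": "notcylance.com.",
}

if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE, ".cylance.com").items():
        print(f"{ip:15} {verdict}")
    # For real destinations taken from the drop log, resolve them first:
    #   audit({ip: lookup_ptr(ip) for ip in ips_from_log}, ".cylance.com")
```

Any address reported as `mismatch` or `no-ptr` would not be covered by a rule that depends on reverse DNS, so those destinations need another object type or a vendor-published address list.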