cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Domain object not-FQDN

Hi all,

It seems domain objects not-FQDN still not working in R80.10 management. I performed only management server migration and my gateways are still R77.30 (I'm not able to use FQDN domain objects indeed).

Anybody is facing the same issue?

Thanks,

Fabio

Labels (1)
3 Replies

Re: Domain object not-FQDN

Can you provide a little bit more detail of what exactly is not working? Remember since gateways are R77 then you may only use old school domain object that uses reverse lookup, stops acceleration and only will apply one IP address in case it resolves to many IPs. That's by design.

Highlighted

Re: Domain object not-FQDN

Hi Kaspars,

I need a policy that should match against a sub-domain object (for example mail.example.com, mail2.example.com, smtp.example.com) and for this reason I created a domain object as ".example.com" (non-FDQN object) following the official guide. Further, it's not reported in order to work it properly also security gateway must be R80 version. 

Domain Objects in R80.10 and above (Non-FQDN Mode section)

Traffic is dropped and don't match that rule.

Bye

0 Kudos

Re: Domain object not-FQDN

You might want to check this SK Rules containing domain objects bypassed in rulebase  or this How do Domain Objects work? 

It most likely covers your scenario for pre R80.10 domain objects