This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
smorales31
Explorer
Monday

Amount of FQDN Domains

Hello,
I would like to know how many domains a Gateway supports, with more than 5,000 FQDN domains?

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
Monday

In what capacity are you using FQDN Domains?
There's a couple different limits involved here:

Depending on your exact use case, there may be ways to mitigate these limits.

0 Kudos
smorales31
Explorer
Monday
In response to PhoneBoy

Understanding that the network objects in each domain are 100,000,

There is no defined limit for domain objects, correct?

Could there be 100,000 domain objects?

Knowing that it may affect performance.

0 Kudos
PhoneBoy
Admin
Admin
Monday
In response to smorales31

Considering:

  • The default table sizes for the various domain objects tops out at 25,000
  • The gateway tries to resolve the IPs for FQDNs every second

I suspect you will have serious issues with that many domains.
Which raises the question of what the actual use case is here.

0 Kudos
the_rock
Legend
Legend
Monday

Let us know if you find the official answer. Below is what AI shows : - )

Andy

In Check Point, you can define FQDN objects to match traffic to specific domains, with a limit of 100 FQDN objects and 1000 domains per account, and each FQDN object can contain a maximum of 1000 domains. 
 
Here's a more detailed breakdown:
  • FQDN Object Limits:
    • A firewall supports a total of 100 FQDN objects. 
       
    • FQDN objects can contain a maximum of 1000 domains per account. 
       
  • Examples of FQDN Object Usage:
    • One FQDN object per rule, across 100 rules. 
       
    • 100 FQDN objects contained in a single rule. 
       
    • Ten FQDN objects containing 100 domains each. 
       
    • 100 FQDN objects containing ten domains each. 
0 Kudos
smorales31
Explorer
13 hours ago
In response to the_rock

Hi,

So, can 100 FQDN objects and 1000 domains be created per object?

What I don't understand is if an FQDN object can only have one domain added, for example, .eltiempo.com. So where are more domains added?

I'm not quite understanding

0 Kudos
PhoneBoy
Admin
Admin
9 hours ago
In response to smorales31

Not sure what @the_rock promoted the AI with, but that answer is flat out wrong as a domain object can only hold a SINGLE FQDN.
There are multiple type of objects that can be used depending on the exact use case and capabilities are.
I suggest you have a look at a session I recently did on web filtering that might help your understanding: https://community.checkpoint.com/t5/Security-Gateways/Web-Filtering-Best-Practices-March-2025-Video-...

Most likely, you'll probably want to use a Network Feed object to define that many FQDNs (available in R81.20 and above).
See: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid... 

0 Kudos
the_rock
Legend
Legend
9 hours ago
In response to smorales31

I actually looked that over myself as well and does not make much sense, agree. As @PhoneBoy advised, network feeds might be a good idea.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top