Looking to add the FQDNs for Office 365, but I have this sinking feeling this Check Point firewall does not support wildcard FQDNs. It seems to do a reverse lookup on the IP that has no hope of working most of the time.
Also, even for normal FQDNs it doesn't always work unless I have the firewall pointing to the same DNS server as the clients. I would have thought the firewall sees all DNS requests as they pass through the firewall and the corresponding IPs returned to add to the rule set.
Then even when I use the same DNS servers, sometimes on a basic FQDN there are issues for those FQDNs with low TTLs. Does it not cache older DNS results to ensure the DNS TTL window is not an issue?