pciurea
Staff & Editor
April 27, 2021

Technical Tip: Creating a static route that uses a FQDN firewall address object


Description

This article describes how to use an FQDN firewall address object in a static route.

Scope

FortiGate.

Solution

If dynamically updated FQDN addresses need to be referenced in a static route, here is how to achieve this:

First, create the firewall address object: go to Policy & Objects -> Addresses, select 'Create new' and choose Address, change the Type to FQDN, fill out the Name and FQDN parameters, and enable 'Static route configuration'.

Then use the newly created firewall address in a static route: go to Network -> Static Routes and select 'Create New', change the Destination by selecting 'Named Address', choose the FQDN address created in the previous step, and fill out the outgoing Interface and the Gateway Address.

Address groups can also be referenced in a static route, but all address members need to have 'Static route configuration' enabled. If any of the members does not have this enabled, the 'Static route configuration' switch is grayed out.

When using an FQDN as a source/destination address on a firewall policy, make sure that the DNS can resolve the FQDN. Otherwise, the firewall policy may not work.
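The same configuration from the FortiOS CLI, as an added example that is not part of the original article. The object names, FQDN, gateway address and interface are constructed placeholders; `allow-routing` is the CLI setting behind the 'Static route configuration' switch.

```fortios
# Added example: all names and addresses below are constructed placeholders.

# 1. FQDN address object. 'allow-routing' corresponds to the GUI switch
#    'Static route configuration' and must be enabled before the object
#    can be selected as a route destination.
config firewall address
    edit "fqdn-example"
        set type fqdn
        set fqdn "www.example.com"
        set allow-routing enable
    next
end

# 2. Static route that uses the named address as its destination.
#    'edit 0' lets FortiOS assign the next free sequence number.
config router static
    edit 0
        set dstaddr "fqdn-example"
        set gateway 192.0.2.1
        set device "port1"
    next
end

# 3. Optional: an address group as route destination. Every member must
#    already have allow-routing enabled, otherwise it cannot be set here.
config firewall addrgrp
    edit "fqdn-group-example"
        set member "fqdn-example"
        set allow-routing enable
    next
end

# 4. Review the static routes currently installed in the routing table.
get router info routing-table static
```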

 

Related article:

Technical Tip: How to create a static route on FortiGate from the GUI Interface