OE_Felix
New Member
May 16, 2017
Solved

Firewall address not resolving in policy


Hi Guys,

 

I have a little problem with one of my IPv4 policies.

 

I've added a new FQDN address like "Computer.mydomain.local". After a few seconds, I can see the resolved IP address in the "Addresses" view.

I added my new FQDN address to a new policy and waited a few minutes. In the IPv4 Policy view, it shows me the error message: "This policy has the following issues: -It is using unresolved FQDN(s)." But the addresses view still shows the resolved IP address.

 

Do you have any ideas what I'm doing wrong? I couldn't find any similar topics about this. I'm on firmware 5.4.4.

Thanks in advance

Best Regards


3 replies

tooleyj
New Member
June 2, 2017

I am having this same issue with docs.google.com. Every diagnostic command I have found to check DNS resolution shows that it is properly resolving, but the policy gives a "using unresolved FQDNs" error.

reczi (Answer)
New Member
June 8, 2017
Hi Felix, I had a similar error. There was an address that could be resolved after I added the local address "Computer.mydomain.local" to Category in Security profiles->Web Rating Overrides, but it does not work for all addresses. Steve
josh
New Member
September 4, 2017

reczi wrote:
I had a similar error. There was an address that could be resolved after I added the local address "Computer.mydomain.local" to Category in Security profiles->Web Rating Overrides, but it does not work for all addresses.

 

I also had a similar error. It appears adding a web-rating override fixes it. Very strange behaviour.

OE_Felix (Author)
New Member
September 5, 2017

I recently upgraded to 5.4.5. Since then, I have no more problems with the FQDNs in the policies.

Can you guys confirm this?

 

Edit: just to clarify: it still shows the error message in the policy view. But if you try to use the policy, for example PC1 ping PC2, it will work just fine.

 

skim
New Member
August 24, 2018

I had the same error on a FortiGate 200D v5.4.6,build1165 (GA); the policy was working and after approx. 15 minutes the error was gone.