Explorer

Question

FortiGate not resolving TrendMicro.com IPs

Forum|Forum|1 year ago
January 30, 2025
3 replies
1298 views

Dear support,

TrendMicro Worry-Free Business Security Services (WFBS-SVC) provides the different URLs that can be used as reference for troubleshooting purposes (e.g. allow listing from firewall or proxy server): https://success.trendmicro.com/en-US/solution/KA-0006176

In FortiGate we created a rule, allowing as destination a new address: trendmicro.com (fqdn) but we noticed that it is resolving only to 1 IP. TrendMicro use more than 1 IP.

Also we tried using the FortiGate Internet services but without any luck. Can you support me ?

Thank You

FortiGate

Staff

Hello,

Please try to configure "cache-ttl" to 86400 seconds, if you have not configured it already. Please find the command below:

config firewall address
    edit "trendmicro.com"
        set cache-ttl 86400
    next
end

Please let me know if the issue will be fixed after above change.

Best Regards,

Ylli

Staff

Hi @bfig90 ,

What DNS server are you using on your client and FGT?

And can you query the DNS record of "trendmicro.com"?

I tried with Google DNS server and got 1 resolved IP only as below:

> server 8.8.8.8
Default Server: dns.google
Address: 8.8.8.8

> trendmicro.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
Name: trendmicro.com
Address: 150.70.232.194

>

So it seems that this is not an FGT issue, it is a DNS issue.

Staff

Hi @bfig90 ,

You can even use this website to query the DNS:

https://mxtoolbox.com/SuperTool.aspx?action=dns%3atrendmicro.com

SuperUser

I think that the dns is being resolved based on geolocation query or something similar.

If you are doing a query from EU you would get a different IP vs a query done from US for example.

From cli you can check all the IPs that are being resolved, as described here https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-verify-the-FDQN-IP-address-in-DNS/ta-p/197321

"jack of all trades, master of none"