saim
New Member
April 25, 2012
Question

FQDN address is not working

  • April 25, 2012
  • 22 replies
  • 29811 views
Hi, I have a FortiGate 1000A and I am using version v4.0,build0521,120313 (MR3 Patch 6). I have added imap.gmail.com as an address but it's not working. I have checked that everything is fine; when I give the IP address it works. Any idea?

    22 replies

    rwpatterson
    New Member
    April 25, 2012
    Welcome to the forums. What do you have for your DNS servers (in the unit)? Or better yet, can the FGT resolve that address from the CLI?
    ede_pfau
    SuperUser
    April 25, 2012
    ...by typing  exec ping www.whatsmyip.com   // just an example
    mthayes
    New Member
    April 25, 2012
    In the policy that has the FQDN address, are there any addresses with IP instead of FQDN? There is a bug that makes policies not work with mixed address types. If so, create a new policy for each address type, FQDN and IP addresses. While the changelog states that this bug is fixed in patch 6, I still had the issue with some of my policies.
    seadave
    New Member
    April 25, 2012
    Thanks for this post. This was driving me nuts. Now I know why it wasn't working.
    saim
    New Member
    April 30, 2012
    Hi All, Thanks for your reply. I am able to ping from the FortiGate device. As per the suggestion of "mthayes" I will create a new policy and check. Meanwhile I have talked to Fortigate support; they have agreed that there is a bug and it will be solved in the next patch, which will be released in the first week of May 12.
    saim
    New Member
    May 2, 2012
    I have created an individual rule with only the FQDN but didn't get success.
    saim
    New Member
    May 20, 2012
    Hi All, Fortinet have recently released MR3 Patch 7 and the FQDN issue is gone. Thanks,
    mEjdejBDG
    New Member
    May 21, 2012
    Hi All. I have the same issues with FQDN. I did a firmware upgrade to MR3 Patch 7 and it didn't help. I need to access, from one of my servers placed in the LAN, the URL maps.google.com. I've checked the policy many times, I've checked with different URLs, and it doesn't work. I need some solution by tomorrow morning. PS. Hmm, it's very weird - when I ping the Google Maps IP from this server, I get replies.
    ede_pfau
    SuperUser
    May 21, 2012
    Could you please post your policy (from CLI)? Are there other policies for that interface pair ABOVE the one in question? What are you trying to achieve? A policy with a FQDN destination address is not the same as a URL filter, for instance.
    ede_pfau
    SuperUser
    May 21, 2012
    Do you see this as well?
     gate # diag firewall fqdn list
     ...
     maps.google.com: ID(201) REF(2) ADDR(209.85.148.102) ADDR(209.85.148.139) ADDR(209.85.148.113) ADDR(209.85.148.138) ADDR(209.85.148.100) ADDR(209.85.148.101)
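Added example, not part of the original thread and not Fortinet tooling: a small parser for the `diag firewall fqdn list` output quoted above that reports which addresses a client resolved for an FQDN are missing from the firewall's cached ADDR set. It assumes the policy matches on that ADDR set; the function names and the client-side IP list are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the output quoted in the post above, one entry per line.
SAMPLE_OUTPUT = """\
gate # diag firewall fqdn list
...
maps.google.com: ID(201) REF(2) ADDR(209.85.148.102) ADDR(209.85.148.139) ADDR(209.85.148.113) ADDR(209.85.148.138) ADDR(209.85.148.100) ADDR(209.85.148.101)
"""

ENTRY_RE = re.compile(
    r"^\s*(?P<fqdn>[A-Za-z0-9*._-]+):\s+ID\((?P<id>\d+)\)\s+REF\((?P<ref>\d+)\)(?P<rest>.*)$"
)
ADDR_RE = re.compile(r"ADDR\(([^)]+)\)")


def parse_fqdn_list(text):
    """Return {fqdn: {"id": int, "ref": int, "addrs": set of ip_address}}."""
    table = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # CLI prompt, "..." elision, blank lines
        addrs = set()
        for raw in ADDR_RE.findall(m["rest"]):
            try:
                addrs.add(ipaddress.ip_address(raw.strip()))
            except ValueError:
                pass  # skip anything that is not a literal IP address
        table[m["fqdn"].lower()] = {
            "id": int(m["id"]),
            "ref": int(m["ref"]),
            "addrs": addrs,
        }
    return table


def uncovered(table, fqdn, client_ips):
    """Client-resolved IPs for fqdn that the firewall's cached set lacks.

    An FQDN with no entry (or an entry with no ADDR) covers nothing,
    which is the state to look for when the object never resolved.
    """
    cached = table.get(fqdn.lower(), {"addrs": set()})["addrs"]
    return [ip for ip in client_ips if ipaddress.ip_address(ip) not in cached]


if __name__ == "__main__":
    fqdn_table = parse_fqdn_list(SAMPLE_OUTPUT)
    # 192.0.2.10 is a constructed documentation address standing in for
    # an IP the LAN server resolved that the firewall has not cached.
    print(uncovered(fqdn_table, "maps.google.com", ["209.85.148.102", "192.0.2.10"]))
```
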
    mEjdejBDG
    New Member
    May 21, 2012
    The server mentioned above needs access only to this one URL, maps.google.com, and nothing else. Of course, I have a couple of policies for those two interfaces. How can I print the settings only for this policy? Sorry for my English ;)