RadioLontra
New Member
February 10, 2011
Question

FQDN address using wildcards

  • February 10, 2011
  • 4 replies
  • 5895 views
Hi everybody, I'm trying to permit access from some clients to the Microsoft update servers. I wanted to do it by enabling a couple of addresses, like *.microsoft.com and *.windowsupdate.com, which should work easily, but FortiGate does not accept wildcards in FQDN names. Or, better, I can save the address with the wildcard but it does not work. Even the CLI does not offer any different feature.

Is there any way to work around this or do I have to add all the names in detail? FortiGate is 50B MR1 u1.

Many thanks,
GiBiT

    4 replies

    Carl_Wallmark
    New Member
    February 10, 2011
    Instead of FQDN, create a local webfilter; that one supports wildcards.
    RadioLontra
    New Member
    February 10, 2011
    It's not a matter of web filtering; navigation is blocked by a firewall policy which denies access to the external interface. I need to permit access for a group of IP or FQDN addresses.
    billp
    New Member
    February 10, 2011
    As far as I know, it's not possible to use wildcards in a FQDN.
    rwpatterson
    New Member
    February 10, 2011
    Use custom ratings. Works like a charm with licensed FortiGuard service.
    FortiRack_Eric
    New Member
    February 14, 2011
    The best way for doing this is to use local webfiltering:
    1. Go to Web Filter > URL Filter.
    2. Select Create New, or select an already available list.
    3. Select Create New, to create an entry for each of the following exempt rules.
       o URL= .*update\.microsoft\.com.* Type= regex Action= exempt
       o URL= .*download\.windowsupdate\.com.* Type= regex Action= exempt
       o URL= .*\.microsoft\.com.* Type= regex Action= exempt
    Using an exempt rule also avoids AV being performed on the downloads, as this usually triggers the heuristics rule (flagged as suspicious).
    Cheers, Eric
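
Added example, not part of the thread and not Fortinet code: an audit of the three exempt patterns posted above against constructed URLs, assuming the URL filter applies each regex to host plus path with match-anywhere semantics (Python's re module stands in for the FortiGate regex engine). The ANCHORED variants are hypothetical tightenings for comparison and have not been tested on a FortiGate.

```python
import re

# Patterns exactly as posted in the thread.
POSTED = [
    r".*update\.microsoft\.com.*",
    r".*download\.windowsupdate\.com.*",
    r".*\.microsoft\.com.*",
]

# Hypothetical tightened variants (assumption, not from the thread):
# anchored at the start, only hostname labels allowed before the domain,
# and the hostname must end at "/" or at the end of the string.
ANCHORED = [
    r"^([a-z0-9-]+\.)*update\.microsoft\.com(/.*)?$",
    r"^([a-z0-9-]+\.)*download\.windowsupdate\.com(/.*)?$",
    r"^([a-z0-9-]+\.)+microsoft\.com(/.*)?$",
]

# Constructed samples: (host + path, True if the host really is under
# the domains the rule is meant to exempt).
SAMPLES = [
    ("update.microsoft.com/v6/default.aspx", True),
    ("au.download.windowsupdate.com/msdownload/x.cab", True),
    ("www.microsoft.com/", True),
    ("update.microsoft.com.example.net/x.exe", False),       # domain used as a prefix
    ("files.example.net/get?ref=www.microsoft.com", False),  # domain in the query string
    ("notupdate.microsoft.com.example.org/", False),         # domain inside a longer host
]

def exempted(patterns, url):
    """True if any pattern matches somewhere in the URL (case-insensitive)."""
    return any(re.search(p, url, re.IGNORECASE) for p in patterns)

def audit(patterns, samples=SAMPLES):
    """Return (missed, overbroad): intended URLs that are not exempted,
    and unintended URLs that are exempted."""
    missed = [u for u, ok in samples if ok and not exempted(patterns, u)]
    overbroad = [u for u, ok in samples if not ok and exempted(patterns, u)]
    return missed, overbroad

if __name__ == "__main__":
    for name, pats in (("posted", POSTED), ("anchored", ANCHORED)):
        missed, overbroad = audit(pats)
        print(f"{name}: missed={missed} overbroad={overbroad}")
```

Because an exempt action also skips AV on the matched download, any URL in the overbroad list would bypass scanning as well, so it is worth running candidate patterns through a check like this before adding them.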