luca1994
Explorer III
January 23, 2024
Solved

Question about wildcard objects


Hello team,

I have an argument to share and would also like your opinion.
If I create a wildcard FQDN object *.pluto.com, when the client does DNS traffic I also get subdomains resolved, for example foo.pluto.com, duck.pluto.com, etc.
Now if by chance a subdomain is malicious, this is resolved anyway and the FQDN wildcard object is updated with the malicious IP. What advice can you give me to fix this problem? Or maybe it is not necessary if you configure other security profiles ad hoc?

Thanks

BR


AEK
SuperUser
January 23, 2024

Hi Luca

In your case the wildcard object will contain the 3 FQDNs with their IP addresses. Can you explain what exactly the problem is?

AEK
luca1994 (Author)
Explorer III
January 23, 2024

Hello @AEK,

I meant if a malicious FQDN IP is resolved: for example, if foo.pluto.com is a malicious subdomain, this is resolved and the FQDN wildcard object is updated with the malicious IP address.

BR

AEK
SuperUser
Answer
January 23, 2024

Hi Luca

This can't be handled at object level, but at web filter or so.

So you can still use the same object but just add a web filter profile if it is for web access.

AEK
rosatechnocrat
Explorer III
January 23, 2024

Nothing can be done from FQDN resolution perspective. Instead you can use a Web Filter profile to block traffic going to malicious domains.

Subscribe "ROSA Technocrat" on Youtube for Fortinet Videos and Troubleshooting https://www.youtube.com/@rosatechnocrat
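
The approach from the answers above, as an added FortiOS CLI example that is not part of the original thread: the wildcard FQDN object stays as the policy destination, and a web filter profile on the same policy blocks malicious hosts even when their IPs have been learned into the object. The object, profile, policy and interface names are assumptions, and FortiGuard category 26 (Malicious Websites) requires a FortiGuard web filtering subscription.

```fortios
# Wildcard FQDN object from the question. It learns the IP of every
# subdomain the clients resolve, including a malicious one.
config firewall address
    edit "wildcard-pluto"              # assumed object name
        set type fqdn
        set fqdn "*.pluto.com"
    next
end

# Web filter profile that blocks by URL rating rather than by IP.
config webfilter profile
    edit "wf-block-malicious"          # assumed profile name
        config ftgd-wf
            config filters
                edit 1
                    set category 26    # FortiGuard: Malicious Websites
                    set action block
                next
            end
        end
    next
end

# Policy keeps the wildcard object as destination and adds the profile,
# so a request to a malicious subdomain is blocked although its IP
# matches the object.
config firewall policy
    edit 0                             # 0 = next free policy ID
        set name "lan-to-pluto"        # assumed policy name
        set srcintf "internal"         # assumed interface names
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "wildcard-pluto"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "wf-block-malicious"
        set logtraffic all
        set nat enable
    next
end
```

As AEK notes, this covers web access only; traffic on other services that matches the object is not inspected by the web filter.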