ezhupa (Staff)
Article Id 326247
Description This article describes a case where DNS resolution is not blocked when the query contains uppercase letters, with a firewall policy in flow mode and a domain threat feed set to block certain domains.
Scope FortiGate.
Solution

When configuring an external domain threat feed with a list of domains and setting the action to 'Block' on a DNS filter security profile, domains are not blocked if uppercase letters are present in the DNS query.

For example, when trying to block www.facebook.com with an External Domain Threat Feed, the lowercase query is blocked while a query containing uppercase letters is not.

This might cause issues when blocking certain domains, as users could bypass the security profile simply by using uppercase letters in the query.
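The following is an added illustration of the matching behaviour described above, not Fortinet code: a DNS-filter blocklist matcher that compares the raw QNAME case-sensitively (the flow-mode symptom) beside one that canonicalises the name first, as DNS requires (names are case-insensitive per RFC 4343). The threat feed content is constructed sample data.

```python
# Added example (not Fortinet code). Shows why a domain blocklist must compare
# DNS names case-insensitively: a raw string comparison lets "WWW.FACEBOOK.COM"
# through while blocking "www.facebook.com".

# Constructed sample feed in the one-domain-per-line format of an external
# domain threat feed. Entries may arrive with mixed case or a trailing root dot.
THREAT_FEED = """
# comments and blank lines are ignored
www.facebook.com
Ads.Example.net.
"""


def canonical(name: str) -> str:
    """Normalise a DNS name: strip whitespace and the trailing dot, lowercase it."""
    return name.strip().rstrip(".").lower()


def load_feed(text: str) -> set[str]:
    """Parse feed text into a set of canonical domain names."""
    return {
        canonical(line)
        for line in text.splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    }


def naive_match(qname: str, feed: set[str]) -> bool:
    """Case-sensitive lookup: the flawed behaviour the article describes."""
    return qname.rstrip(".") in feed


def blocked(qname: str, feed: set[str]) -> bool:
    """Case-insensitive lookup that also covers subdomains of a listed domain.

    Walks the name from the full QNAME up to the apex (a.b.c -> b.c -> c) so
    that a feed entry blocks everything beneath it.
    """
    labels = canonical(qname).split(".")
    return any(".".join(labels[i:]) in feed for i in range(len(labels)))


if __name__ == "__main__":
    feed = load_feed(THREAT_FEED)
    for q in ("www.facebook.com", "WWW.FACEBOOK.COM", "WwW.FaCeBoOk.CoM.",
              "cdn.ads.example.net", "facebook.com"):
        print(f"{q:24} naive={naive_match(q, feed)!s:5} fixed={blocked(q, feed)}")
```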

A possible workaround is to use a firewall policy in proxy mode. In proxy mode, this issue is not present and both requests will be blocked. 


If using proxy mode is not a viable solution, this issue is resolved in the latest IPS Engines:

  • v7.2: IPS Engine Build 0342.
  • v7.4: IPS Engine Build 0542.

To get the latest IPS Engine, open a ticket with the Fortinet TAC.

To manually update the IPS Engine, refer to the following article:
Technical Tip: How to manually upgrade the IPS Engine