Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hlngan
Staff
Staff

Created on ‎12-18-2024 10:10 PM Edited on ‎02-09-2025 11:42 PM By Community Manager

Article Id 365338

Technical Tip: FQDN object is not seen on the FortiGate with hyperscale enabled

Description This article describes the behavior of FQDN object in Firewall policy in Hyperscale Firewall
Scope FortiGate.
Solution

FQDN objects are not supported in the Hyperscale Firewall policy. However, only the VDOM with Hyperscale enabled is affected.

 

Enable the Hyperscale firewall features for FortiGate:

 

config global

    config system np

        set policy-offload-level full-offload 

    end

 

FQDN object still can be used in the Firewall Policy:

 

non-hyperscale vdom.PNG

 

Enable full-offload to specific VDOM:

 

config vdom

    edit test-hw

        config system setting

            set policy-offload-level full-offload

        end

 

hyperscale vdom.PNG

 

FQDN objects are not selectable on the firewall policy. Other firewall address that are not selectable on Hyperscale Firewall include Device(MAC Address) and Dynamic.
Labels:
252
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.