FortiGate
PPriyesha (Staff)
Article Id 232288
Description

This article describes how to configure wildcard FQDN custom and group objects, and wildcard FQDN firewall addresses, from the CLI and the GUI.

Scope

FortiGate.
Solution

A wildcard FQDN can be created in two different tables, and the two are not interchangeable:

 

- Under firewall wildcard-fqdn custom (and wildcard-fqdn group), from the CLI or the GUI.

- Under firewall address, with type set to fqdn and the wildcard entered as the FQDN.

 

Note:

The GUI for option one changed in 6.2. Up to 6.0 a separate page was available under Addresses -> Wildcard FQDN; from 6.2 onward that page is gone and wildcard FQDN custom and group objects can only be created from the SSL/SSH Inspection profile.

 

1) Wildcard FQDN custom and group objects are used only in SSL/SSH deep inspection, to exempt matching hostnames from inspection under ssl-exempt. They cannot be referenced as source or destination addresses in a firewall policy.

 

From CLI:

 

# config firewall wildcard-fqdn custom
    edit "wildcard-fqdnExample"
        set uuid 96c22534-8a3b-51ea-ad68-98a463172307
        set wildcard-fqdn "*.facebook.com"
        set color 3
        set comment "wildcard-fqdn custom"
    next
end

 

# config firewall wildcard-fqdn group
    edit "wildcard-fqdnGroupExample"
        set uuid 96c22534-8a3b-51ea-ad68-98a463172308
        set member "wildcard-fqdnExample"
        set color 3
        set comment "wildcard-fqdn group"
    next
end

 

- In the SSL/SSH inspection profile, add the newly created wildcard FQDN group or custom object to the ssl-exempt list:

 

PPriyesha_0-1670264401879.png
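The complete CLI sequence, from creating the custom and group objects to referencing the group in the ssl-exempt table of the deep-inspection profile, is shown below. This is an added example and not configuration from the original article; it reuses the object names above and edits the built-in "deep-inspection" profile, which the article's GUI steps also use. The ssl-exempt entry is added with "edit 0" so the FortiGate assigns the next free ID. Object names and the 0 ID are the only assumptions.

```fortios
# Wildcard FQDN custom object (hostname pattern to exempt)
config firewall wildcard-fqdn custom
    edit "wildcard-fqdnExample"
        set wildcard-fqdn "*.facebook.com"
        set comment "wildcard-fqdn custom"
    next
end

# Group that wraps one or more custom objects
config firewall wildcard-fqdn group
    edit "wildcard-fqdnGroupExample"
        set member "wildcard-fqdnExample"
        set comment "wildcard-fqdn group"
    next
end

# Reference the group in the ssl-exempt table of the deep inspection profile.
# "edit 0" auto-assigns the next free entry ID (assumed; any unused ID works).
config firewall ssl-ssh-profile
    edit "deep-inspection"
        config ssl-exempt
            edit 0
                set type wildcard-fqdn
                set wildcard-fqdn "wildcard-fqdnGroupExample"
            next
        end
    next
end
```

Any server whose SNI or certificate CN matches *.facebook.com is then passed through without being re-signed by the FortiGate. Exempting a wildcard is broad, so keep the pattern as narrow as the application needs; the same "set type wildcard-fqdn" entry accepts a custom object name directly if no group is wanted.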

 

From GUI:

 

- Go to Security Profiles -> SSL/SSH Inspection -> deep-inspection profile -> Exempt from SSL Inspection.

 

PPriyesha_1-1670264401883.png

 

- Select the '+' sign in the Addresses field; the 'Create' option is available there.

 

PPriyesha_2-1670264401886.png

 

- When 'Create' is selected, the Wildcard FQDN and Wildcard FQDN Group options are available.

 

PPriyesha_3-1670264401889.png

 

- Create the Wildcard FQDN entry from the GUI.

 

PPriyesha_4-1670264401889.png

 

2) Wildcard FQDN firewall addresses, on the other hand, can be used in firewall policies, security profiles, VPN configurations and other places that accept a firewall address. The FortiGate learns the IP addresses behind a wildcard FQDN address from DNS responses that pass through it rather than by querying DNS itself, so the address only matches traffic from clients whose DNS resolution the FortiGate can see.

 

From CLI:

 

# config firewall address
    edit "fortinet-fqdn"
        set uuid 96c22534-8a3b-51ea-ad68-98a463172306
        set type fqdn
        set fqdn "*.fortinet.com"
    next
end
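As an added example (not from the original article), the wildcard FQDN address above is used as the destination of a firewall policy, which is the place the wildcard-fqdn custom and group objects of option one cannot be used. The interface names port1/port2, the policy name and the service are assumptions for illustration.

```fortios
# Wildcard FQDN firewall address (option two)
config firewall address
    edit "fortinet-fqdn"
        set type fqdn
        set fqdn "*.fortinet.com"
    next
end

# Policy that allows internal clients (port2, assumed LAN) to reach
# any host matching *.fortinet.com via port1 (assumed WAN) over HTTPS.
# "edit 0" auto-assigns the next free policy ID.
config firewall policy
    edit 0
        set name "allow-fortinet-https"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "fortinet-fqdn"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
    next
end
```

After clients have resolved a matching name through the FortiGate, "diagnose firewall fqdn list" shows the IP addresses the address object has learned; until a DNS response has been seen for a matching name, the policy matches nothing.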

 

From GUI:

 

- Go to Policy & Objects -> Addresses -> New Address, set Type to FQDN and enter the wildcard (for example *.fortinet.com) as the FQDN.


PPriyesha_5-1670264401891.png