Description
This article describes how to configure wildcard FQDN custom entries and groups from the CLI and the GUI.
Scope
FortiGate.
Solution
Wildcard FQDN entries live in two different tables, and they are not interchangeable:
- Under firewall wildcard-fqdn custom (and firewall wildcard-fqdn group), configurable from the CLI and the GUI.
- Under firewall address, with type set to fqdn and a wildcard (for example *.example.com) in the FQDN string.
Note: the GUI location for option one changed in FortiOS 6.2. Up to 6.0, wildcard FQDN custom entries had their own page under Policy & Objects -> Addresses -> Wildcard FQDN; from 6.2 onward they can only be created from within the SSL/SSH inspection profile. The CLI tables are unchanged.
1) Wildcard FQDN custom entries and groups are used only by SSL/SSH deep inspection profiles, to exempt matching server names from inspection under ssl-exempt. They cannot be referenced as a source or destination in a firewall policy.
From CLI:
# config firewall wildcard-fqdn custom
    edit "wildcard-fqdnExample"
        set uuid 96c22534-8a3b-51ea-ad68-98a463172307
        set wildcard-fqdn "*.facebook.com"
        set color 3
        set comment "wildcard-fqdn custom"
    next
end

# config firewall wildcard-fqdn group
    edit "wildcard-fqdnGroupExample"
        set uuid 96c22534-8a3b-51ea-ad68-98a463172308
        set member "wildcard-fqdnExample"
        set color 3
        set comment "wildcard-fqdn group"
    next
end
- Then reference the newly created wildcard FQDN custom entry or group in the SSL/SSH inspection profile's exemption list (ssl-exempt):
From GUI:
- Go to Security Profiles -> SSL/SSH Inspection, open the deep inspection profile and locate the 'Exempt from SSL Inspection' section.
- Select the '+' sign in the Addresses field; a 'Create' option is available in the selector.
- When 'Create' is selected, the 'Wildcard FQDN' and 'Wildcard FQDN Group' object types are offered.
- Create the wildcard FQDN entry (or group) there and it is added to the exemption list of that profile.
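The CLI equivalent of the GUI steps above, referencing the "wildcard-fqdnExample" entry created earlier from the ssl-exempt table of an SSL/SSH inspection profile. This is an added example and not part of the original article: the profile name "custom-deep-inspection" is assumed to be a clone of the built-in deep-inspection profile (clone it first if the built-in profile is read-only on the FortiOS build in use), and the exemption entry ID 1 is assumed to be free.

```fortios
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set comment "deep inspection with *.facebook.com exempted"
        config ssl-exempt
            edit 1
                set type wildcard-fqdn
                set wildcard-fqdn "wildcard-fqdnExample"
            next
        end
    next
end
```

After applying, confirm the exemption with 'show firewall ssl-ssh-profile custom-deep-inspection' and make sure that every policy which should honour the exemption has this profile (not the unmodified built-in one) selected under ssl-ssh-profile with utm-status enabled; the exemption only takes effect on traffic matched by such a policy.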
2) Wildcard FQDN firewall addresses (firewall address with type fqdn), on the other hand, can be used wherever a firewall address is accepted: firewall policies, security profiles, VPN configurations, and so on. Note that the FortiGate does not resolve a wildcard FQDN address itself; it learns the matching IP addresses from DNS responses that pass through it, so client DNS traffic must traverse the FortiGate for such an address to be populated.
From CLI:
# config firewall address
    edit "fortinet-fqdn"
        set uuid 96c22534-8a3b-51ea-ad68-98a463172306
        set type fqdn
        set fqdn "*.fortinet.com"
    next
end
From GUI:
- Go to Policy & Objects -> Addresses -> Create New -> Address, set Type to FQDN and enter the wildcard FQDN (for example *.fortinet.com).
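A firewall policy that consumes the "fortinet-fqdn" address from step 2 as its destination, showing the difference from step 1: a type-fqdn address is a policy object, whereas a wildcard-fqdn custom entry is not. This is an added example, not configuration from the original article; the policy ID 10, the interface names port2 (LAN) and port1 (WAN), and the profile name "custom-deep-inspection" are assumptions for illustration.

```fortios
config firewall policy
    edit 10
        set name "allow-fortinet-wildcard"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "fortinet-fqdn"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "custom-deep-inspection"
        set nat enable
    next
end
```

Before relying on the policy, check that the wildcard address has actually been populated with 'diagnose firewall fqdn list'. If it shows no IP addresses for *.fortinet.com, the FortiGate has not seen a matching DNS response: typically the clients resolve through a path that bypasses the FortiGate (for example DNS over HTTPS, or a resolver reached over a different interface), and the policy will not match until that is corrected.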