Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pachavez
Staff & Editor
Staff & Editor

Created on ‎06-05-2024 10:45 PM Edited on ‎05-23-2025 04:42 AM By Moderator

Article Id 319297

Troubleshooting Tip: FQDN shows unresolved on Firewall Policy GUI ‘This policy has the following issues: It is using unresolved FQDN(s).’

Description This article describes how to remove the error message ‘This policy has the following issues: It is using unresolved FQDN(s). from Policy & Objects -> Firewall Policy.
Scope FortiGate v7.2.8.
Solution

In this example, the FQDN address ‘support.fortinet.com’ is applied to the destination address of the firewall policy.

 

On the GUI, go under Policy & Objects -> Firewall Policy, when using the FQDN address object, the error message shows: 'This policy has the following issues: It is using unresolved FQDN(s)'.

 

1.png

 

When checking on the FortiGate, the FQDN resolves correctly.

 

FG-VM # execute ping support.fortinet.com
PING support.fortinet.com (63.137.229.1): 56 data bytes

 

FG-VM # diagnose test application dnsproxy 6
worker idx: 0
vfid=0 name=support.fortinet.com ver=IPv4 wait_list=0 timer=59 min_refresh=60 min_ttl=360 cache_ttl=0 slot=-1 num=1 wildcard=0
63.137.229.1 (ttl=360:65:65)

 

FG-VM # diagnose firewall fqdn list-ip

 

fqdn_u 0x10d938c5 support.fortinet.com: type:(1) ID(80) count(1) generation(2) data_len:13 flag: 1
ip list: (1 ip in total)
ip: 63.137.229.1
Total ip fqdn range blocks: 1.
Total ip fqdn addresses: 1.

 

This is a cosmetic issue on GUI, under Policy & Objects -> Firewall Policy, it does not affect the functionality of the device since the FortiGate can resolve the FQDN.

 

Resolution:

To fix the error, create the Address Group object, then add the FQDN Address object ‘support.fortinet.com’ on the configured Address Group. After configuring the Address Group, apply this to the firewall policy.

 

  1. On the GUI, go to Policy & Objects -> Addresses, select 'Create New', select 'Address Group', enter 'Group name', on the Members, add the address 'support.fortinet.com', and select 'OK' to save the changes.

 

3.PNG

 

  1. Go to Firewall Policy, select the policy 'Fortinet', remove the address ‘support.fortinet.com’, then add the configured Address Group 'FQDN-Group' which includes the FQDN ‘support.fortinet.com’ and select 'OK' to save changes.

 

5.PNG

 

After changes are made, the error message should be gone.

 

The permanent fix will be included in the next firmware release, FortiOS v7.2.9, v7.4.4, and v7.6.0 or later.

 

Related documents:

Troubleshooting Tip: FQDN address object shows unresolved in GUI after upgrading to FortiOS v7.2.6 o...
Labels:
7576
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.