Fortinet Forum

Create firewall rule for CDN zimbra


How could I create a firewall rule that allows web access to ""? Every time I ping this site I get a response from another * server with a different IP.

I have created a rule with destination FQDN "", but the FortiGate is resolving a different IP than when this domain is pinged. So this rule does not work and I don't have access.

The FortiGate resolves this domain:


When I ping this site, the IP addresses are different every time:




As far as DNS goes, the only thing you can do is ensure that both the FortiGate and your client PC use the same DNS server (e.g. internal DC with DNS role). Done this way, the chances for the FQDN resolving differently should be minimised.

[ test signature, please ignore ]

Hi Tutek,


- Make sure the DNS settings on the FortiGate and the client machine are the same so that they resolve to the same IP addresses.

- If the issue still persists after configuring the same DNS on both the FortiGate and the client machine, and if the destination FQDN resolves to a different IP very frequently, try using a wildcard FQDN object instead of the full regular FQDN.

- Below are KBs that explain how a wildcard FQDN works


Please let me know if that helps.


Thank you,




Client (accessing the Zimbra repo):

- DNS set to Google


root@srv:/home/# ping
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=244 time=7.15 ms
64 bytes from ( icmp_seq=2 ttl=244 time=7.33 ms
64 bytes from ( icmp_seq=3 ttl=244 time=6.97 ms




My PC with the same DNS (Google):


Pinging [] with 32 bytes of data:
Reply from bytes=32 time=7ms TTL=244
Reply from bytes=32 time=7ms TTL=244
Reply from bytes=32 time=7ms TTL=244
Reply from bytes=32 time=7ms TTL=244


When I set the destination in the policy on the FortiGate to *, it resolves to:

(The FortiGate has FortiGuard DNS servers)