Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gcarvalho
New Contributor III

FQDN and Wildcard in the same Policy

Hello everyone!

Is that possible to use a FQDN Wildcard group and a FQDN Group in the same policy as destination? Or each policy needs to have just one of that types?

Cheers,
Gohan
Cheers,Gohan
2 Solutions
abarushka
Staff
Staff

Hello Gui,

 

Can you please elaborate what you are referring to by "FQDN Wildcard group"?

 

You may consider to configure a list of wildcard FQDNs and add them to the address group and use address group in the firewall policy.

 

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/217973/using-wildcard-fqdn-addresses-in...

FortiGate

View solution in original post

akushwaha
Staff
Staff

Hi Gui,

 

I understand you want to use one FQDN Address Group with another Wildcard FQDN Group as Destination address in same Firewall Policy. Yeah you can do it.

Please refer to this article for FQDN as destination address: https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/707266/fqdn-addresses

To use Wildcard FQDN please refer to this article :
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-wildcard-FQDN/ta-p/196118


Regards,
Abhimanyu

View solution in original post

6 REPLIES 6
abarushka
Staff
Staff

Hello Gui,

 

Can you please elaborate what you are referring to by "FQDN Wildcard group"?

 

You may consider to configure a list of wildcard FQDNs and add them to the address group and use address group in the firewall policy.

 

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/217973/using-wildcard-fqdn-addresses-in...

FortiGate
gcarvalho
New Contributor III

Hello @abarushka

Of course. I mean a group with some wildcard addresses (URL).

I need to know if it is possible to apply wildcard and simple fqdn address group in the same policy as destination.

Cheers,
Gohan
Cheers,Gohan
abarushka

Hello Gui,

 

I am not aware about such limitation. It also works for me in the lab.

FortiGate
sw2090
SuperUser
SuperUser

hm I tried to use wildcard fqdn recently but I couldn't even select them as destination in a policy hence they didn't appear there at all...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
akushwaha
Staff
Staff

Hi Gui,

 

I understand you want to use one FQDN Address Group with another Wildcard FQDN Group as Destination address in same Firewall Policy. Yeah you can do it.

Please refer to this article for FQDN as destination address: https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/707266/fqdn-addresses

To use Wildcard FQDN please refer to this article :
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-wildcard-FQDN/ta-p/196118


Regards,
Abhimanyu

gcarvalho
New Contributor III

Thanks for your reply, Abhimanyu!

Cheers,
Gohan
Cheers,Gohan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors