FortiGate not resolving TrendMicro.com IPs
Dear support,
TrendMicro Worry-Free Business Security Services (WFBS-SVC) provides the different URLs that can be used as reference for troubleshooting purposes (e.g. allow listing from firewall or proxy server): https://success.trendmicro.com/en-US/solution/KA-0006176
In FortiGate we created a rule, allowing as destination a new address: trendmicro.com (FQDN), but we noticed that it is resolving only to 1 IP. TrendMicro uses more than 1 IP.
We also tried using the FortiGate Internet services, but without any luck. Can you support me?
Thank You
Hello,
Please try to configure "cache-ttl" to 86400 seconds, if you have not configured it already. Please find the command below:
    config firewall address
        edit "trendmicro.com"
            set cache-ttl 86400
        next
    end
Please let me know if the issue is fixed after the above change.
Best Regards,
Ylli
Hi @bfig90 ,
What DNS server are you using on your client and FGT?
And can you query the DNS record of "trendmicro.com"?
I tried with the Google DNS server and got only 1 resolved IP, as shown below:
> server 8.8.8.8
Default Server: dns.google
Address: 8.8.8.8
> trendmicro.com
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: trendmicro.com
Address: 150.70.232.194
>
So it seems that this is not an FGT issue, it is a DNS issue.
Jerry
Hi @bfig90 ,
You can even use this website to query the DNS:
https://mxtoolbox.com/SuperTool.aspx?action=dns%3atrendmicro.com
Jerry
I think that the DNS is being resolved based on a geolocation query or something similar.
If you are doing a query from the EU you would get a different IP vs. a query done from the US, for example.
From the CLI you can check all the IPs that are being resolved, as described here: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-verify-the-FDQN-IP-address-in...
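Added example, not part of the thread and not Fortinet code: one way to follow up on the question of which DNS server the client and the FGT use is to run nslookup against each and compare the answer sets, since an FQDN address object only matches the IPs the firewall's own resolver returned. The function names, the second transcript and its 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress

def _add(ips, text):
    """Add text to ips if it parses as an IPv4/IPv6 address."""
    try:
        ips.add(str(ipaddress.ip_address(text.strip())))
    except ValueError:
        pass

def answer_ips(transcript):
    """Return the IPs in the answer section(s) of an nslookup transcript.

    The resolver's own 'Server:/Address:' block is skipped, so the DNS
    server address is never mistaken for a resolved IP.
    """
    ips, in_answer, in_list = set(), False, False
    for raw in transcript.splitlines():
        line = raw.strip().lstrip(">").strip()
        low = line.lower()
        if low.startswith(("server:", "default server:")):
            in_answer = in_list = False          # resolver block begins
        elif low.startswith(("non-authoritative answer", "name:")):
            in_answer, in_list = True, False     # answer section begins
        elif in_answer and low.startswith("address"):
            _add(ips, line.partition(":")[2])    # 'Address:' or 'Addresses:'
            in_list = True
        elif in_answer and in_list:
            _add(ips, line)                      # continuation line of 'Addresses:'
    return ips

def uncovered(firewall_view, client_views):
    """Per client resolver, the IPs it returned that the firewall's lookup did not."""
    fw = answer_ips(firewall_view)
    gaps = {name: sorted(answer_ips(t) - fw) for name, t in client_views.items()}
    return {name: ips for name, ips in gaps.items() if ips}

# Transcript quoted in the thread (assumed here to be the resolver the FGT uses).
FGT_DNS = """> trendmicro.com
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: trendmicro.com
Address: 150.70.232.194
"""
# Constructed transcript from a hypothetical client-side resolver.
CLIENT_DNS = """Server:  resolver.example
Address:  198.51.100.53

Non-authoritative answer:
Name:    trendmicro.com
Addresses:  192.0.2.10
          192.0.2.11
"""

if __name__ == "__main__":
    print(uncovered(FGT_DNS, {"client": CLIENT_DNS}))
```

A non-empty result means clients are being handed addresses that the firewall's resolver never returned, so the FQDN object cannot match that traffic.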
