Mahmood_Fraidoon
New Contributor

Policy based on specific URLs

Hello, I was wondering if I can create objects based on URL instead of IP address.
rwpatterson
Valued Contributor III

Yes. Select 'FQDN' from the drop-down box. (Fully Qualified Domain Name)

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Mahmood_Fraidoon
New Contributor

I tried entering the FQDN in different formats; still, traffic is not going through that policy. I tried http://www.google.com, www.google.com and google.com.
robertwb2
New Contributor

I am having the same problem. I would like to add a policy based on a certain address; however, none of the traffic ever goes thru that policy with the FQDN. I have moved it to the top of the policy list and I've tested it in many different ways, yet the traffic does not flow thru that policy like I have it set. I am also wondering what I am doing wrong. Thanks, Robert
Mahmood_Fraidoon
New Contributor

Hello, I found the root of my problem. My FortiGate was pointing to my ISP DNS, whereas my machine was pointing to the domain controller DNS. Therefore both were resolving the FQDN to different IPs. Change your FortiGate or machine DNS and make them identical. That should solve your issue.
Mahmood_Fraidoon
New Contributor

FGT # diag test application dnsproxy ?
1. Clear dns cache
2. Show stats
3. Dump DNS setting
4. Reload FQDN
5. Requery FQDN
6. Dump FQDN

Compare it with your nslookup result from your machine.
robertwb2
New Contributor

Hi...thanks for the help! I checked my DNS settings on my FortiGate and they are the same as on my local machine; however, I'm still having trouble with the FQDN. What I'm trying to do is traffic shape any traffic going to googlevideo.com. I've used the application sensors for YouTube; however, it seems like we have lots of traffic every day to googlevideo that needs to be put into a lower priority, so I created a new policy, put in the destination as googlevideo.com (which I created as an FQDN in addresses) and put my traffic shaper on it. It still does not work. Any hints and tips are much appreciated. THANK YOU, Robert
AtiT
Valued Contributor

Hi, try to check with nslookup whether the resolved FQDN addresses on the FortiGate and the client machines are the same:

diagnose firewall fqdn list

You can also try to clear the results with

diagnose firewall fqdn flush

and wait to see what new IP addresses are found. They should be the same.

AtiT
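The comparison suggested in the replies above (the firewall's resolved addresses against the client's nslookup result), as an added example that is not part of the original thread. The function names and the sample data are constructed for illustration, and the firewall-side addresses are assumed to be copied by hand from the FortiGate's FQDN listing, so no output format is assumed for that command.

```python
import ipaddress
import re

def answer_ips(nslookup_output):
    """Extract answer IPs from Linux- or Windows-style nslookup output."""
    ips, in_answer = set(), False
    for line in nslookup_output.splitlines():
        if line.lstrip().startswith("Name:"):
            in_answer = True  # lines before this describe the resolver itself
            continue
        if not in_answer:
            continue
        # Drop an "Address:"/"Addresses:" label; Windows continuation lines have none.
        token = re.sub(r"^\s*Address(es)?:\s*", "", line).strip()
        try:
            ips.add(ipaddress.ip_address(token))
        except ValueError:
            pass  # aliases, blank lines, other text
    return ips

def compare(firewall_ips, client_nslookup):
    """Compare the firewall's resolved IPs with what the client resolves."""
    fw = {ipaddress.ip_address(ip) for ip in firewall_ips}
    client = answer_ips(client_nslookup)
    return {
        "missed": sorted(map(str, client - fw)),  # client destinations the policy will not match
        "stale": sorted(map(str, fw - client)),   # firewall entries the client never uses
        "consistent": bool(client) and client <= fw,
    }

# Constructed sample data (documentation address ranges, not real lookups).
FIREWALL_IPS = ["198.51.100.7"]  # typed in by hand from the firewall's FQDN list
CLIENT_NSLOOKUP = """\
Server:  dc01.example.local
Address:  192.0.2.53

Non-authoritative answer:
Name:    video.example.com
Addresses:  192.0.2.10
          192.0.2.11
"""

if __name__ == "__main__":
    print(compare(FIREWALL_IPS, CLIENT_NSLOOKUP))
```

Any address under "missed" is a destination the client actually connects to that the FQDN-based policy does not cover, which is the symptom described in the thread when the firewall and the client use different DNS servers.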
robertwb2
New Contributor

Ok! Great. Flushing out the cache did do the trick. My next quick question is how do I get it to see the traffic going to a subdomain of googlevideo.com? I know writing it like this: *.googlevideo.com isn't working for me. Is there a way to even do that? To get all traffic going to "anything".googlevideo.com to go thru that policy. Thanks so much for the help so far! Robert
Nihas
New Contributor

Hi,

I want to have the firewall synced with the DNS server. How can I forcefully try to get the IPs against DNS?

I did a dia firewall fqdn flush and now I cannot see any DNS entries on 'dia firewall fqdn list'.

Please help

Nihas