Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
luca1994
New Contributor III

Question about wildcard objects

Hello team,

 

I have an argument to share and would also like your opinion.
If I create a wildcard FQDN object *.pluto.com qwhen the client does dns traffic I also get sub domains resolved for example foo.pluto.com duck.pluto.com etc.
Now if by chance a subdomain is malevo this is resolved anyway and the fqdn wildcard object is updated with the malevoo ip. What advice can you give me to fix this problem? Or maybe it is not necessary if you configure other security profiles ad hoc?

 

Thanks

BR

1 Solution
AEK

Hi Luca

This can't be handled at object level, but at web filter or so.

So you can still use the same object but just add a web filter profile if it is for web access.

AEK

View solution in original post

AEK
4 REPLIES 4
AEK
SuperUser
SuperUser

Hi Luca

In your case the wildcard object will contain the 3 FQDN with their IP address. Can you explain what is exactly the problem?

AEK
AEK
luca1994
New Contributor III

Hello @AEK ,

 

I meant if a malicious fqdn ip is resolved because for example if foo.pluto.com is a malicious subdomain this is resolved and the FQDN wildcard object is updated with the malicious ip address

 

BR

AEK

Hi Luca

This can't be handled at object level, but at web filter or so.

So you can still use the same object but just add a web filter profile if it is for web access.

AEK
AEK
rosatechnocrat
Contributor II

Nothing can be done from FQDN resolution perspective. Instead you can Web Filter profile to block traffic going to malicious domains. 

Rosa Technocrat -- Also on YouTube---Please do Subscribe
Rosa Technocrat -- Also on YouTube---Please do Subscribe
Labels
Top Kudoed Authors