Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
PeterTWJ
New Contributor

Traffic Shaping with Wildcard Policy (FortiGate 5.4 or 5.6)

Hi all, I would like to clarify, is traffic shaping with wildcard FQDN address possible in FortiOS 5.4 or 5.6? Currently, I am using FortiGate 100D, FortiOS 5.4.3. I would need to control the bandwidth limit of accessing several URLs with wildcard FQDN, while the rest of the addresses runs without bandwidth limitation. Please advise Thank You Peter

3 REPLIES 3
Toshi_Esumi
SuperUser
SuperUser

I don't think so because of below warned at Online Help: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/Addres...

 

"Wildcard FQDN addresses do not resolve to a specific set of IP addresses in the same way that a normal FQDN addresss does. They are intended for use in SSL exemptions and should not be used as source or destination addresses in policies."

 

PeterTWJ

Hi Toshi,

 

Does Fortinet have a future plan to support Wildcard FQDN address for firewall policy in the next FortiOS release? As I have used Palo Alto previously, and they support Wildcard FQDN address for firewall policy. Please advise Thank You Peter

Toshi_Esumi

I don't know anything about Palo Alto, so hoping somebody else would chime in. I have no ideal how Palo Alto control traffic-shaping per policy with a wildcard FQDN, but must be counting only protocol that carries destination URL, ex. http://www.example.com access would be included if you set *.example.com but ping packets to www.example.com wouldn't be included because the URL is resolved to an IP before hitting the FW and ping packet doesn't include the URL.

And of course I don't know Fortinet future plan since I'm not not an insider.

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors