Hi all, I would like to clarify, is traffic shaping with wildcard FQDN address possible in FortiOS 5.4 or 5.6? Currently, I am using FortiGate 100D, FortiOS 5.4.3. I would need to control the bandwidth limit of accessing several URLs with wildcard FQDN, while the rest of the addresses runs without bandwidth limitation. Please advise Thank You Peter
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I don't think so because of below warned at Online Help: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/Addres...
"Wildcard FQDN addresses do not resolve to a specific set of IP addresses in the same way that a normal FQDN addresss does. They are intended for use in SSL exemptions and should not be used as source or destination addresses in policies."
Hi Toshi,
Does Fortinet have a future plan to support Wildcard FQDN address for firewall policy in the next FortiOS release? As I have used Palo Alto previously, and they support Wildcard FQDN address for firewall policy. Please advise Thank You Peter
I don't know anything about Palo Alto, so hoping somebody else would chime in. I have no ideal how Palo Alto control traffic-shaping per policy with a wildcard FQDN, but must be counting only protocol that carries destination URL, ex. http://www.example.com access would be included if you set *.example.com but ping packets to www.example.com wouldn't be included because the URL is resolved to an IP before hitting the FW and ping packet doesn't include the URL.
And of course I don't know Fortinet future plan since I'm not not an insider.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1632 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.