Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bfig90
New Contributor III

Created on ‎01-30-2025 06:42 AM

TrendMicro Worry-Free Business Security Services (WFBS-SVC) not resolving in FortiGate

Dears,

 

TrendMicro Worry-Free Business Security Services (WFBS-SVC) provides different URLs used as reference for allowing listing from firewall or proxy server.

 

We created a rule in FortiGate using FQDN trendmicro.com but it is not working and it is resolving in only 1 IP. TrendMicro has more than 1. How we can resolve this ?

2025-01-30_15-37.png

 

Thank You 

 

 

Labels:
415
0 Kudos
1 Solution
vifi
Staff
Staff
In response to bfig90

Created on ‎01-30-2025 07:19 AM

Hi,
Yes, wildcard FQDN *.trendmicro.com will allow all subdomains of trendmicro.com.

View solution in original post

385
0 Kudos
5 REPLIES 5
Hassan97wsh
Staff
Staff

Created on ‎01-30-2025 07:01 AM

Hi bfig90,

FortiGate uses the configured DNS servers in (Network>DNS) to resolve the IP of the given FQDN. If the DNS server only returns one IP, FortiGate will use that IP. FortiGate will also re-query the FQDN to get the latest IP.

If the IP changes in the answer, FortiGate will just simply replace it. This is not an issue if both FortiGate and the clients behind the FortiGate are configured with the same DNS server (i.e. same internal DNS server that will cache the IP of trendmicro.com) and receiving the same IP.

Please, refer to the community article below.

How to use the FQDN address object in For... - Fortinet Community

Hassan
TAC Engineer
404
0 Kudos
bfig90
New Contributor III
In response to Hassan97wsh

Created on ‎01-30-2025 07:04 AM Edited on ‎01-30-2025 07:07 AM

Yes you right. My mistake. I want to resolve *.trendmicro.com in fortigate ? So it will allow all subdomains of trendmicro.com i.e: abc.trendmicro.com; xyz.trendmicro.com etc ? 

396
0 Kudos
vifi
Staff
Staff
In response to bfig90

Created on ‎01-30-2025 07:19 AM

Hi,
Yes, wildcard FQDN *.trendmicro.com will allow all subdomains of trendmicro.com.

386
0 Kudos
bfig90
New Contributor III
In response to vifi

Created on ‎01-30-2025 07:31 AM

Thank You @vifi It worked

352
Hassan97wsh
Staff
Staff
In response to bfig90

Created on ‎01-31-2025 12:45 AM

Wildcard FQDN should cover all the subdomains, but you have to make sure the DNS queries sent by the client must pass through the FortiGate. Because unlike normal FQDNs, FortiGate does not activly sends queries for wildcard FQDNs. Instead, FortiGate inspects the DNS queries and replies passing through it.

 

Check the highlited part in this article:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-wildcard-FQDN/ta-p/196118#:~:text=...).

Hassan
TAC Engineer
305
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.