Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kinmun
New Contributor II

Some new address objects do not appear

I created some wildcard FQDN type address objects, but they do not appear as destination objects when I try to create rules.

My firmware is 5.4.4, FG300D.

Am I missing something?

Hosemacht
Contributor II

Hi there,

Try to set the interface to any and check if it appears then.

Regards

sudo apt-get-rekt

Toshi_Esumi
SuperUser

Read the caution in the online manual below. It can't be used as an address object in a policy.

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/Addres...

 

kinmun
New Contributor II

OK, looks like I can't use wildcard FQDN as address objects.

sw2090

Hm, I guess that's because a FQDN with a wildcard in it is not a valid FQDN, is it?

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Toshi_Esumi

As the caution states, it's simply because FGT tries to resolve any address objects in the policy with a DNS server, which would fail because of the wildcard. 5.6 expanded the "Internet Service" feature to policies to cover the same concept as wildcard FQDN has.

http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-whats-new/Top-Firewall-internet-servi...

 
