Hello y'all. I'm having an issue, and I have no doubt I'm missing
something simple, but try as I might I can't figure it out. I'm setting
up some Policies for "bypass" to allow servers to get out to the
Internet for updates for certain products, and ...
Unfortunately, I can't point all DNS to the firewall. Too much
AD/LDAP/misc integration. While it's possible this may work, even if it
does, it wouldn't be a tenable solution. Thanks regardless.
Thanks for the assist! Indeed, I only have a single "deny" rule for each
"zone to zone" policy, and that is at the very bottom. I don't use URL
filtering currently. Essentially, all of the "NGFW" features of this box
are effectively "off". It's just ac...
Thanks for the reply! I'm using FQDN and wildcard specification for
this. Specific to "chocolately.org", the FG is saying "unresolved FQDN".
However, we have this same problem on many, many other domains, that do
resolve the wildcard addresses. Example...
nothing helpful. "Policy violation". Again, the frustrating thing is that
both the SRC and DST IPs/FQDNs have a policy to ALLOW the very traffic
that's being blocked. I don't understand how they're slipping through
the respective "allow" policies. -jb