This article describes the usage of wildcard FQDN addresses.
Scope: any supported version of FortiGate.
Support for wildcard FQDN addresses in firewall policies was introduced in FortiOS 6.2.2.
A wildcard FQDN can be configured from either the GUI or CLI.
From the GUI:
Go to Policy & Objects -> Addresses -> New Address.
In the screenshot below, *.fortinet.com is used as a wildcard FQDN.
In FortiOS 7.4.0 and above, the 'fqdn-max-refresh' timer can be modified.
The 'fqdn-max-refresh' setting defines the global upper limit for the FQDN refresh timer. If an FQDN entry has a DNS TTL longer than the 'fqdn-max-refresh' value, its refresh timer is reduced to this upper limit. With this setting, the FortiGate controls the maximum interval at which it re-queries DNS for its FQDN addresses, giving more control over DNS caching behavior.
config system dns
    set fqdn-max-refresh <integer>
end

fqdn-max-refresh: FQDN cache maximum refresh time, in seconds (3600 - 86400, default = 3600).
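The following added example (not FortiOS code, and not from this article) models the clamping rule described above: each entry is refreshed at its DNS TTL unless that TTL exceeds 'fqdn-max-refresh', in which case the configured cap applies. The host names and TTL values are constructed for illustration.

```python
# Added example (not FortiOS code): models how 'fqdn-max-refresh' caps the
# per-entry FQDN refresh timer. Host names and TTLs below are constructed.

FQDN_MAX_REFRESH_MIN = 3600      # documented lower bound, seconds
FQDN_MAX_REFRESH_MAX = 86400     # documented upper bound, seconds
FQDN_MAX_REFRESH_DEFAULT = 3600  # documented default, seconds


def validate_fqdn_max_refresh(value: int) -> int:
    """Reject values outside the documented 3600-86400 range, as the CLI does."""
    if not FQDN_MAX_REFRESH_MIN <= value <= FQDN_MAX_REFRESH_MAX:
        raise ValueError(
            f"fqdn-max-refresh must be {FQDN_MAX_REFRESH_MIN}-{FQDN_MAX_REFRESH_MAX}, got {value}"
        )
    return value


def effective_refresh(ttl: int, fqdn_max_refresh: int = FQDN_MAX_REFRESH_DEFAULT) -> int:
    """Refresh interval for one FQDN entry: its DNS TTL, capped at fqdn-max-refresh.

    The setting is an upper limit only: a TTL shorter than the cap is honoured
    unchanged; a TTL longer than the cap is reduced to the cap.
    """
    cap = validate_fqdn_max_refresh(fqdn_max_refresh)
    return min(ttl, cap)


def refresh_schedule(entries: dict, fqdn_max_refresh: int) -> dict:
    """Apply the cap to every learned entry (hostname -> TTL in seconds)."""
    return {host: effective_refresh(ttl, fqdn_max_refresh) for host, ttl in entries.items()}


# Constructed sample of hosts learned under the *.fortinet.com wildcard, each
# with a different TTL returned by DNS (illustrative values, not real records).
SAMPLE_ENTRIES = {
    "docs.fortinet.com": 300,      # short TTL: refreshed every 300 s regardless of cap
    "support.fortinet.com": 3600,  # equal to the default cap: unchanged
    "cdn.fortinet.com": 43200,     # long TTL: reduced to the configured cap
}

if __name__ == "__main__":
    # With fqdn-max-refresh raised to 7200 s, only the 43200 s entry is clamped.
    for host, seconds in refresh_schedule(SAMPLE_ENTRIES, 7200).items():
        print(f"{host:22s} refresh every {seconds} s")
```

The cap never lengthens a refresh interval; to re-query a short-TTL record less often, a shorter TTL at the DNS source would have to change, not this setting.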