
allowing a specific subdomain FQDN host

Hello, I have a LAN to WAN rule that allows access to a certain website on the LAN without needing to sign into the captive portal.

I'm trying to allow a specific subdomain, but I'm having difficulty.

If I want to allow all subdomains, I would create an FQDN such as *.example.com. This would allow all subdomains of example.com, which works great.

But if I create a host such as subdomain.example.com, I would expect only that specific subdomain to be allowed, but for some reason it still allows the whole domain.

Any help would be greatly appreciated.

Thanks much!!



  • Results verified via policy tester:

    all levels of domain example.com are passed, so even if subdomain1.example.com is what the FQDN is, all others are accepted as well.

    All other domains are rejected.

    The desired outcome is only to pass a specific subdomain, such as subdomain1.example.com.

  • Hi Heartwood,

    You may add an FQDN Group of the subdomains you wish to allow. Now if you wish to deny the rest, then this rule should apply as per the KB article mentioned.

    Related KB: https://community.sophos.com/kb/en-us/123035

  • Gotcha, perhaps I'm not understanding you. I created a policy as stated in the article above. I created an FQDN Host of the subdomain subdomain1.example.com.

    But by this statement, "Now if you wish to deny the rest then this rule should apply as per the KB article mentioned," does that mean that all other subdomains should be blocked?

    Because all subdomains are still allowed. I'm unclear as to how to block the other subdomains that I don't want.

    Such as: allow subdomain1.example.com but deny subdomain2.example.com.

  • Hi Heartwood,

    If you have added subdomain 1 in the FQDN rule, it does not mean the others will be blocked. It would mean that they are not allowed by that rule, and for the ones that do not match the rule, the firewall will check the other rules in top-to-bottom priority.

    Could you check using Packet capture whether subdomain 2 is going through the same rule as the FQDN one?
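The point made in the last reply (an allow rule for one subdomain does not by itself block the others; non-matching traffic falls through to the next rule) is easy to see in a small model. The following is an added example, not Sophos code and not how the product actually implements FQDN objects: it models exact-host and `*.wildcard` FQDN matching with a top-to-bottom, first-match rule table, using a constructed rule set for the thread's scenario.

```python
# Added example: simplified model of FQDN host matching and first-match rule
# evaluation. Rule names, the Rule class and the table are constructed here
# and are not from the firewall's configuration.
from dataclasses import dataclass

def fqdn_matches(pattern: str, hostname: str) -> bool:
    """Match a hostname against an FQDN object.

    '*.example.com' matches any host under example.com (not the apex itself);
    a plain name such as 'subdomain1.example.com' matches only that exact host.
    Comparison is case-insensitive and ignores a trailing dot.
    """
    p = pattern.lower().rstrip(".")
    h = hostname.lower().rstrip(".")
    if p.startswith("*."):
        return h.endswith(p[1:])   # p[1:] keeps the leading dot: ".example.com"
    return h == p

@dataclass
class Rule:
    name: str
    fqdns: tuple   # FQDN host objects (or an FQDN group) attached to the rule
    action: str    # "allow" or "deny"

def evaluate(rules, hostname, default="deny"):
    """Return (rule name, action) of the first rule whose FQDN objects match.

    A hostname that matches no rule falls through to the default, which is
    what happens to subdomain2.example.com when only subdomain1 is listed.
    """
    for rule in rules:
        if any(fqdn_matches(f, hostname) for f in rule.fqdns):
            return rule.name, rule.action
    return "default", default

# Constructed rule table for the thread's scenario: allow one subdomain, then
# explicitly deny the rest of the domain below it.
RULES = [
    Rule("allow-subdomain1", ("subdomain1.example.com",), "allow"),
    Rule("deny-rest-of-example", ("*.example.com", "example.com"), "deny"),
]

if __name__ == "__main__":
    for host in ("subdomain1.example.com", "subdomain2.example.com", "other.net"):
        print(host, "->", evaluate(RULES, host))
```

Dropping the second rule (`RULES[:1]`) and setting a permissive default reproduces the symptom from the first post: subdomain2 is not blocked, it just matches something further down.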