Firewall Rule with FQDN

Question

I'm trying to build a business rule for incoming traffic from an fqdn resolved host. As you can see in the image, I have a rule that allows network traffic from two objects. One is an IP address object and the other is an FQDN host that resolves to the exact same IP when I hover over it or issue a DHCP lookup. However, if I set this rule with only the FQDN object in place on the Allowed Client Networks section, traffic is blocked from the host. If I make the rule to include the IP address object in the Allowed Client Network section, it works perfectly (obviously I can leave the FQDN object off completely in this case and it still works).

Is there something I'm missing? This type of rule worked perfectly under my UTM 9 setup using an FQDN.

This thread was automatically locked due to age.

Is there something I'm missing? This type of rule worked perfectly under my UTM 9 setup using an FQDN.

lferrara · Accepted Answer

Brian, 
 as Sachin wrote, both entries are needed. 
 If you did not set the reverse dns lookup, so XG uses only IP addresses. You are correct, UTM9 is able to handle this type of queries using only forward lookup queries. 
 Hope they will change this behaviour! 
 [:(]

sachingurung · Answer

Hi Brian, 
 Not sure, but create a DNS host entry to resolve the FQDN host on XG. Go to, System> Network > DNS> Static host entry. 
 Take SSH to XG and go to option 4. Device console. Execute, 
 tcpdump 'host xyz.com and port 8920 
 and 
 tcpdump 'host x.x.x.x and port 8920 
 Post the output.