How to allow a whole domain?

HI ShunzeLee, 

Option 1: Allow By firewall rule : You may create FQDN rule with no policy applied. As for the domain your sub-domain would resolve with another address then you would need to add the. 

Eg:  abc.abc.com- . 1.1.1.1

xyz.abc.com- . 1.1.1.2

adc.abc.com -> 1.1.1.2

Then the FQDN you may add domain abc.abc.com and adc.abc.com as they resolve different host addresses. 

Option 2 : Bypass from Web filter/Http/Https scanning . You may add an exception on the web filter, 

EG  ^([A-Za-z0-9.-]*\.)?demo\.com/

Option 1 is the way that I knew.

But it does not work when user can't make sure how many FQDN that they have.

For example, how to allow whole yahoo.com domain?

User can't know how many FQDN that yahoo.com have... 

Option 2 can allow other protocol?

Such as FTP, DNS, SSH, RDP and so on.

I don't agree this way can allow all protocol...

ShunzeLee,

create a FQDN Host under Host and Services and then use it under Firewall rule.

See the screenshot.

XG know all the IP of microsoft.com domain.

Regards

ShunzeLee,

create a FQDN Host under Host and Services and then use it under Firewall rule.

See the screenshot.

XG know all the IP of microsoft.com domain.

Regards

Thank Luk.

But this also shows sub domain? 

Shunze,

can you give an example?

Thanks

Afiter I  allow the yahoo.com FQDN,

will it also allow the tw.yahoo.com, tw.bid.yahoo.com, tw.news.yahoo.com ?

You have to test it, Shunze.

I tried to block Microsoft.com domains, but it does not work.

[:(]

I have tried it.

It doesn't work too...

In the tab, it is called FQDN. Although D stands for domain, it's more a fully qualified host name.  It only resolves to A (and maybe AAAA) records of a FQDN, not all A records for  *.domain.com

For example , in nslookup, lookup microsoft.com and ftp.microsoft.com....

Thanks, I knew it.

And also knew that XG can't allow/block a whole *.demo.com domain.