Hi @gabriel-silva,

It is not supported to use a domain name as the peer endpoint (tunnel destination) as part of the native configuration from my experience of configuring VPNs using many FTDs managed by the FMC and through many other firewalls. The common suggested workaround is using a dynamic peer and use a remote identity. The problem is that a tunnel is then permitted to form from any remote VPN peer, provided that they supply valid credentials (e.g. PSK/certificate). This is due to VPN peer being configured as dynamic (any remote IP is allowed to form a tunnel), which also has its own restrictions that may prevent the tunnel from forming (e.g. the remote side has to initiate the connection because the FTD is not configured with an explicit destination vpn peer). Therefore for additional security you could restrict access using an ACL. However, FTD Access Policies are applied to traffic traversing through the FTD, not traffic to the FTD so you would not filter this using the FTD Access Policy. You would have to restrict access on an upstream device capable of filtering VPN connection attempts based on the domain name (FQDN rule) as the only other way to do that on an FTD would (potentially?) be a control-plane filter which would not support ACLs referencing FQDNs as they match based on the traditional standard/extended ACLs that you define as an object, these are analogous to the IOS and IOS-XE router/switch ACLs.

Hope that helps, let me know if anything is confusing!