07-10-2019 04:46 PM - edited 02-21-2020 09:17 AM
Hi Guys,
We are migrating from SOPHOS UTM to FTD/FMC and I'm in my documentation stage.
SOPHOS has an object called a "DNS Group" object; this can be used anywhere in the firewall. Essentially this object will query and store all IPs for the destination in the variable and keep it updated; see below:
As you can see, the object "s3-ap-southeast-2.amazonaws.com" has picked up 106 IP Addresses, and I use this object in a firewall rule to allow traffic to this destination...
Can this be done with FTD/FMC?
If so, great! How would I find out what IPs have been resolved?
If not... what could I do as a workaround, besides inputting 106 IP Addresses into a group...
07-17-2019 07:46 PM
The FQDN needs to be fully qualified. The FTD device doesn't know to append a local domain.
Note that FQDN objects can only be used in Access Control and prefilter rules. You must have set up DNS both as a DNS Server Group object in FMC as well as per device that will be using the objects (Devices > Platform Settings and then "Enable DNS name resolution by device").
07-11-2019 05:35 AM
If it's used in an ACL, you can simply use the FQDN directly.
07-11-2019 03:51 PM
So it will pick up all 106 IP Addresses?
07-11-2019 09:57 PM
More or less - it will evaluate traffic as to whether it matches any of the addresses that resolve from that FQDN.
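To make "matches any of the addresses that resolve from that FQDN" concrete, here is an added Python model of an FQDN object. It is not Cisco FTD/FMC code and Cisco's internal implementation is not described on this page; it assumes a hypothetical `resolve` callback standing in for the device's DNS server group, a constructed name `bucket.example.com`, and constructed answers in the 203.0.113.0/24 documentation range. It shows the behaviour a practitioner should plan for: the object only ever contains the addresses the firewall itself resolved, refreshed when the DNS TTL expires, so a client that received a different answer for the same name can be denied until the firewall's cached answer is refreshed.

```python
"""Model of how an FQDN-based firewall object matches traffic.

Added example, not Cisco FTD/FMC code. The object caches the addresses
the *firewall* resolved for the name, re-resolves once the TTL expires,
and matches a packet's destination against that cache.
"""
import ipaddress
import time
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass
class DnsAnswer:
    """One DNS reply: the A/AAAA records and their TTL in seconds."""
    addresses: list
    ttl: int


class FqdnObject:
    """An FQDN object: a name plus the addresses currently resolved for it.

    `resolve` is a hypothetical stand-in for the device's DNS server group;
    `clock` returns seconds and is injectable so TTL expiry can be exercised
    without sleeping.
    """

    def __init__(self, fqdn: str, resolve: Callable[[str], DnsAnswer],
                 clock: Callable[[], float] = time.monotonic):
        if "." not in fqdn.rstrip("."):
            # Mirrors the accepted answer: the name must be fully qualified,
            # the device will not append a local search domain for you.
            raise ValueError(f"{fqdn!r} is not a fully qualified name")
        self.fqdn = fqdn.rstrip(".").lower()
        self._resolve = resolve
        self._clock = clock
        self._addresses = frozenset()
        self._expires_at = float("-inf")  # forces a lookup on first use

    def addresses(self) -> frozenset:
        """Return cached addresses, re-resolving once the TTL has expired."""
        if self._clock() >= self._expires_at:
            answer = self._resolve(self.fqdn)
            self._addresses = frozenset(
                ipaddress.ip_address(a) for a in answer.addresses)
            self._expires_at = self._clock() + answer.ttl
        return self._addresses

    def matches(self, dst: str) -> bool:
        """True if a packet to `dst` hits this object (dst is in the cache)."""
        return ipaddress.ip_address(dst) in self.addresses()


def evaluate(obj: FqdnObject, destinations: Iterable[str]) -> dict:
    """Apply an 'allow to <FQDN object>' rule to a batch of destination IPs."""
    return {dst: ("allow" if obj.matches(dst) else "deny") for dst in destinations}


def demo() -> dict:
    """Walk the object through two DNS answers separated by a TTL expiry."""
    # Constructed answers for a hypothetical endpoint; the second answer
    # models a CDN/object-storage pool rotating the addresses it hands out.
    answers = iter([
        DnsAnswer(["203.0.113.10", "203.0.113.11"], ttl=60),
        DnsAnswer(["203.0.113.11", "203.0.113.12"], ttl=60),
    ])
    fake_clock = {"t": 0.0}
    obj = FqdnObject("bucket.example.com", lambda _name: next(answers),
                     clock=lambda: fake_clock["t"])

    # 203.0.113.12 is a valid address for the name, but the firewall has not
    # resolved it yet, so the rule does not match it.
    before = evaluate(obj, ["203.0.113.10", "203.0.113.12"])
    fake_clock["t"] = 61.0  # TTL expired: next lookup refreshes the cache
    after = evaluate(obj, ["203.0.113.10", "203.0.113.12"])
    return {"before_refresh": before, "after_refresh": after}


if __name__ == "__main__":
    for phase, verdicts in demo().items():
        print(phase, verdicts)
```

The gap between `before_refresh` and `after_refresh` is the practical answer to "more or less": with a large, frequently rotating pool such as the 106-address S3 endpoint in the question, expect occasional denies for addresses the firewall has not yet resolved, and keep the device's DNS server group pointed at the same resolvers your clients use so both sides see the same answers.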
07-17-2019 04:52 PM