fqdn - policies - wildcard

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

fqdn - policies - wildcard

Not applicable

Hi,

i want to place a policy with fqdn entrys completed with wildcards.

e.g.

Our PCs have names like this:

LABPC01, LABPC02, LABPC03

Now i want to deny the internet traffic for every PC with the name LABPC*

But i also want to allow it to a special list of pcs.

I wanted to use a policy with fqdn entrys - but i'm not allowed.

When i want to do an address object, an error occurs: The value does not fit the validation

Can someone please help me out?

Thank you!

axel

1 REPLY 1

L6 Presenter

The FQDN in an address object (instead of IP address) will be resolved into an ip address during commit (and then refreshed every 20 minutes or so).

I would recommend you to avoid using FQDN in your address objects and instead redesign your network so your lab-pc's is on the same (or a few) /24 networks (or how large you need) and then set the security policy based on iprange. Perhaps in combination with userid (either through pan-agent or by captive portal).

  • 2785 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!