08-14-2012 07:01 AM
Hi,
i want to place a policy with fqdn entrys completed with wildcards.
e.g.
Our PCs have names like this:
LABPC01, LABPC02, LABPC03
Now i want to deny the internet traffic for every PC with the name LABPC*
But i also want to allow it to a special list of pcs.
I wanted to use a policy with fqdn entrys - but i'm not allowed.
When i want to do an address object, an error occurs: The value does not fit the validation
Can someone please help me out?
Thank you!
axel
08-20-2012 04:04 PM
The FQDN in an address object (instead of IP address) will be resolved into an ip address during commit (and then refreshed every 20 minutes or so).
I would recommend you to avoid using FQDN in your address objects and instead redesign your network so your lab-pc's is on the same (or a few) /24 networks (or how large you need) and then set the security policy based on iprange. Perhaps in combination with userid (either through pan-agent or by captive portal).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
