Wildcard FQDNs for SSL deep inspection exemptions
As part of an improvement to SSL deep inspection, wildcard FQDN addresses are stored in two tables: firewall address, the historic location for the information, and firewall wildcard-fqdn custom. The wildcard FQDN in firewall address is used by proxy-policy. The wildcard FQDN in firewall wildcard-fqdn custom is used by ssl-exempt in ssl-ssh-profile.
During an upgrade from v5 to v6, every wildcard FQDN in firewall address in the v5 configuration is moved to firewall wildcard-fqdn custom. If the wildcard FQDN is used in a policy in v5, the upgrade process leaves a copy of the wildcard FQDN in firewall address in addition to the one in firewall wildcard-fqdn custom.
Syntax of the firewall wildcard-fqdn custom object:
config firewall wildcard-fqdn custom
    edit <string_value>
        set uuid <string_value>
        set wildcard-fqdn <string_value>
        set color <integer 0-32>
        set comment <string_value>
        set visibility {enable|disable}
    next
end
Syntax of the firewall wildcard-fqdn group object:
config firewall wildcard-fqdn group
    edit "test-group"
        set uuid <string_value>
        set member <string_value> [<string_value>]
        set color 0
        set comment ''
        set visibility enable
    next
end
In the CLI, separate group members with a space.
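An offline check for the upgrade behaviour described above, as an added example rather than Fortinet code: it parses a configuration backup excerpt and reports wildcard FQDN names present in both tables, the patterns that ssl-exempt entries resolve to, and ssl-exempt references with no object in firewall wildcard-fqdn custom. The sample text is constructed; the `set type wildcard-fqdn` lines and the function names are assumptions about the export layout, and the parser expects balanced quotes on every line.

```python
import shlex

SAMPLE = """
config firewall address
    edit "wc-example"
        set type wildcard-fqdn
        set wildcard-fqdn "*.example.com"
    next
end
config firewall wildcard-fqdn custom
    edit "wc-example"
        set wildcard-fqdn "*.example.com"
    next
end
config firewall ssl-ssh-profile
    edit "deep-custom"
        config ssl-exempt
            edit 1
                set type wildcard-fqdn
                set wildcard-fqdn "wc-example"
            next
            edit 2
                set type wildcard-fqdn
                set wildcard-fqdn "wc-old"
            next
        end
    next
end
"""  # constructed excerpt, not from a real device

def parse(text):  # map each (config path, edit name, ...) tuple to its 'set' values
    stack, out = [], {}
    for words in filter(None, map(shlex.split, text.splitlines())):
        if words[0] in ("config", "edit"):
            stack.append(" ".join(words[1:]))
        elif words[0] in ("next", "end"):
            stack.pop()
        elif words[0] == "set":
            out.setdefault(tuple(stack), {})[words[1]] = " ".join(words[2:])
    return out

def audit(text):
    cfg = parse(text)
    # legacy: copies in firewall address; custom: name -> pattern; refs: ssl-exempt names
    legacy = {p[1] for p, v in cfg.items() if p[0] == "firewall address" and v.get("type") == "wildcard-fqdn"}
    custom = {p[1]: v.get("wildcard-fqdn") for p, v in cfg.items() if p[0] == "firewall wildcard-fqdn custom" and len(p) == 2}
    refs = [v["wildcard-fqdn"] for p, v in cfg.items() if p[0] == "firewall ssl-ssh-profile" and p[2:3] == ("ssl-exempt",) and v.get("type") == "wildcard-fqdn"]
    return {"in_both_tables": sorted(legacy & custom.keys()),
            "exempt_patterns": sorted(custom[r] for r in refs if r in custom),
            "unresolved_exempt": sorted(r for r in refs if r not in custom)}
```

The `exempt_patterns` list is the set of wildcard domains that bypass deep inspection, which is the part worth reviewing after an upgrade.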