Handbook

Wildcard FQDN

6.0.0

Wildcard FQDN

Some companies use secondary and even tertiary domain names or FQDNs for their websites. Wildcard FQDN addresses ease the administrative overhead in these cases. Sometimes it is as simple as a site that still uses www. as a prefix for its domain name. If you don't know whether the www prefix is in use, it is simpler to use a wildcard and include all of the possibilities, whether that is example.com, www.example.com, or even ftp.example.com.

The following wildcard character instances are supported in wildcard FQDN addresses:

  • "?" character
  • "*" character in the middle of a phrase
  • The "?*" combination

Caution: Wildcard FQDN addresses do not resolve to a specific set of IP addresses in the same way that a normal FQDN address does. They are intended for use in SSL exemptions and should not be used as source or destination addresses in policies.
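
An added example, not part of the Fortinet handbook: a Python check of which hostnames a wildcard pattern would cover before it is used in an SSL exemption, plus a review of pattern shapes that reach beyond one parent domain. The matching semantics ('?' as exactly one character, '*' as any run of characters, dots included) are an assumption that this page does not state, and the patterns and hostnames are constructed sample data.

```python
import re

def to_regex(pattern):
    """Compile a wildcard FQDN to an anchored, case-insensitive regex.
    Assumed semantics: '?' is exactly one character, '*' is any run of
    characters (dots included); every other character is literal."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body + r"\Z", re.IGNORECASE)

def coverage(patterns, hostnames):
    """Map each pattern to the hostnames it would match (and so exempt)."""
    result = {}
    for pattern in patterns:
        rx = to_regex(pattern)
        result[pattern] = [h for h in hostnames if rx.match(h.rstrip("."))]
    return result

def review(pattern):
    """Return findings for wildcard shapes that reach past one parent domain."""
    labels = pattern.split(".")
    findings = []
    # Count the labels at the right-hand end that contain no wildcard.
    literal_tail = 0
    for label in reversed(labels):
        if "*" in label or "?" in label:
            break
        literal_tail += 1
    if literal_tail < 2:
        findings.append("fewer than two literal trailing labels")
    if labels[0].startswith("*") and labels[0] != "*":
        findings.append("leading '*' is not followed by a dot")
    return findings

# Constructed sample data: candidate exemption patterns and observed SNI names.
PATTERNS = ["*.example.com", "ftp?.example.com", "*example.com", "example.*"]
HOSTNAMES = ["www.example.com", "ftp1.example.com", "ftp10.example.com",
             "notexample.com", "example.com.invalid"]

if __name__ == "__main__":
    for pattern, hosts in coverage(PATTERNS, HOSTNAMES).items():
        print(f"{pattern:18} matches {hosts}")
        for finding in review(pattern):
            print(f"{'':18} review: {finding}")
```

Confirm the matching behaviour on the device itself before relying on this result, since the semantics used here are assumed.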

Creating a Fully Qualified Domain Name address

  1. Go to Policy & Objects > Addresses.
  2. Select Create New. A drop-down menu is displayed. Select Address.
  3. In the Category field, choose Address. (This is for IPv4 addresses.)
  4. Input a Name for the address object.
  5. In the Type field, select Wildcard FQDN from the drop-down menu.
  6. Input the domain name in the Wildcard FQDN field.
  7. In the Interface field, leave as the default any or select a specific interface from the drop-down menu.
  8. Select the desired on/off toggle setting for Show in Address List. If the setting is enabled, the address will appear in drop-down menus where it is an option.
  9. Input any additional information in the Comments field.
  10. Press OK.

Example

Example of an FQDN address for a remote FTP server used by the Accounting team:

Field                  Value
Category               Address
Name                   Example.com_servers
Type                   Wildcard FQDN
Wildcard FQDN          *.example.com
Interface              any
Show in Address List   [on]
Comments               Secondary and tertiary domain names for example.com
