Zywall 110 - Declare a wildcard FQDN in object?
drouboyboy
Posts: 5
Freshman Member
Hi,
Is there a way to authorize or drop outbound traffic based on a wildcard FQDN?
My goal is to be able to reject all outbound traffic by default and authorize only the outbound traffic that I want.
Example: I'd like to authorize all traffic to *.outlook.office.com
I've tried using Object ==> Address/Geo IP ==> wildcard FQDN, but objects don't accept wildcard syntax.
Thanks.
0
All Replies
Hi,
With firmware 4.30 or above you can use an FQDN type address object.
But you can also use the Content Filter function to allow access only to specific websites.
https://businessforum.zyxel.com/discussion/2230/block-all-internet-traffics-form-the-particular-device-except-some-websites#latest
6
I can't see how something like *.outlook.com would work for the FQDN type address object, because how would it know which names to look up the IP for, like test1.outlook.com or test2.outlook.com and so on?
0
Hi @PeterUK,
ZyWALL will inspect the response to the DNS query to get the IP addresses.
Here is how you can test it:
1. Create a wildcard FQDN address object "*.outlook.com"
2. Create a firewall rule and select this FQDN address object as the destination.
3. Query "www.outlook.com" or "autodiscover.outlook.com" from a PC behind the ZyWALL
4. Log in to the ZyWALL GUI and go to Monitor > System Status > FQDN Object
You will see the IP addresses that the ZyWALL inspected.
Here is my test:

Since there are more and more cloud-based applications that could be hosted on the same cloud instance (same IP address), it might block other applications that share that IP address.
So I'd prefer to use the Content Filter to block web requests.
6
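The mechanism zyman2008 describes above, as an added simulation that is not Zyxel's code and not part of the original thread: a default-deny policy whose allow rule references a wildcard FQDN object, where the object's member IPs are learned only from DNS answers the firewall sees pass through it. The class and method names are hypothetical, the DNS answers and IP addresses are constructed from RFC 5737 documentation ranges, and the wildcard is assumed to behave like a shell glob (so `*.outlook.com` matches any subdomain, not the bare domain). The run also shows the two caveats raised in the thread: nothing is allowed until the firewall has observed a matching DNS answer, and an unrelated host that resolves to an already-learned address is allowed too.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass, field

# Constructed sample: DNS answers as the firewall would see them crossing it
# (query name, list of A records). Addresses are RFC 5737 documentation
# ranges, not real Microsoft addresses.
SAMPLE_DNS_RESPONSES = [
    ("www.outlook.com", ["192.0.2.10", "192.0.2.11"]),
    ("autodiscover.outlook.com", ["192.0.2.20"]),
    ("unrelated.example.net", ["192.0.2.10"]),   # shares an IP with www.outlook.com
    ("www.example.org", ["198.51.100.5"]),
]


@dataclass
class WildcardFqdnObject:
    """Hypothetical address object whose member IPs are learned from DNS answers."""
    pattern: str                                   # e.g. "*.outlook.com"
    learned: set = field(default_factory=set)      # IPs seen in matching answers

    def matches_name(self, qname: str) -> bool:
        # Assumption: '*' behaves like a shell glob, so it also spans dots
        # (a.b.outlook.com matches *.outlook.com) but never the bare domain.
        # Names are compared case-insensitively; a trailing dot is ignored.
        return fnmatch.fnmatchcase(qname.rstrip(".").lower(), self.pattern.lower())


class DnsSnoopingFirewall:
    """Default-deny outbound policy; allow rules reference wildcard FQDN objects."""

    def __init__(self, allow_objects):
        self.allow_objects = list(allow_objects)

    def observe_dns_response(self, qname, answers):
        """Called for every DNS answer that passes through the firewall."""
        for obj in self.allow_objects:
            if obj.matches_name(qname):
                obj.learned.update(ipaddress.ip_address(a) for a in answers)

    def policy_allows(self, dst_ip):
        """True if some allow rule's FQDN object currently contains dst_ip."""
        ip = ipaddress.ip_address(dst_ip)
        return any(ip in obj.learned for obj in self.allow_objects)

    def objects_holding(self, dst_ip):
        """Roughly what Monitor > System Status > FQDN Object shows for an IP."""
        ip = ipaddress.ip_address(dst_ip)
        return [obj.pattern for obj in self.allow_objects if ip in obj.learned]


def run_demo(responses=SAMPLE_DNS_RESPONSES):
    fw = DnsSnoopingFirewall([WildcardFqdnObject("*.outlook.com")])
    # Before any DNS traffic has been seen the object is empty, so even a
    # genuine Outlook address is dropped: the firewall must sit on the DNS path
    # (a resolver that bypasses it, as PeterUK's bind server might, is not seen).
    before = fw.policy_allows("192.0.2.10")
    for qname, answers in responses:
        fw.observe_dns_response(qname, answers)
    return {
        "before_dns": before,
        "outlook_ip": fw.policy_allows("192.0.2.10"),
        "autodiscover_ip": fw.policy_allows("192.0.2.20"),
        "example_org_ip": fw.policy_allows("198.51.100.5"),
        # Shared-IP caveat: unrelated.example.net never matched the pattern,
        # but it resolves to an address learned from www.outlook.com, so the
        # rule (which only sees the destination IP) lets that traffic through.
        "unrelated_host_allowed": fw.policy_allows("192.0.2.10"),
        "holders_of_shared_ip": fw.objects_holding("192.0.2.10"),
        "learned": sorted(str(ip) for ip in fw.allow_objects[0].learned),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The simulation keys on destination IP alone, which is exactly why the shared-hosting caveat applies: once 192.0.2.10 is in the object, the firewall cannot tell a connection to unrelated.example.net from one to www.outlook.com, which is the reason the answer prefers the Content Filter when per-site control matters.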
Hi,
It also works fine for me with several wildcards.
zyman2008, thanks a lot for your answer!
Seb.
0
I still don't get how it works unless you make the request to the ZyWALL? Since I have a bind server, requests are done by it, unless the ZyWALL transparently listens for DNS queries on a bridge and then maps them to the "*.outlook.com" FQDN address object?
Currently my understanding of the FQDN address object is that it pre-looks up the address, like for outlook.com, without you doing a lookup.
Edit: I think I just answered my own question! Really cool how it works!
0