Zywall 110 - Declare a wildcard FQDN in object?

drouboyboy · February 2019

Hi,

Is there a way to authorize or drop output traffic based on a wildcard FQDN?

My goal is to be able to reject all output traffic per default and authorize only output traffic that I want.

Example: I'd like to authorize all traffic to *.outlook.office.com

I've tried using Object ==> Address/Geo IP ==> wildcard FQDN but objects don't accept wildcard syntax.

Thanks.

zyman2008 · February 2019

Hi,
With 4.30 or above firmware you can use FQDN type address object.

But you also can use Content Filter function to control only allow access specific web sites.
https://businessforum.zyxel.com/discussion/2230/block-all-internet-traffics-form-the-particular-device-except-some-websites#latest

zyman2008 · February 2019

Hi @PeterUK,
ZyWALL will inspect the response of DNS query to get IP addresses.
Here you can test,
1. Create a wildcard FQDN address object "*.outlook.com"
2. Create a firewall rule and select this FQDN address object as destination.
3. Query "www.outlook.com" or "autodiscover.outlook.com" from PC behind ZyWALL
4. Login ZyWALL GUI, go to Monitor > System Status > FQDN Object
You will get IP addresses what ZyWALL inspected.

Here my test,

Since there are more and more cloud based applications that could hosted on the same cloud instance(same IP address). It might block other applications with same IP address.
So that I'd prefer to use Content filter to block web request.

zyman2008 · February 2019

Hi,
With 4.30 or above firmware you can use FQDN type address object.

But you also can use Content Filter function to control only allow access specific web sites.
https://businessforum.zyxel.com/discussion/2230/block-all-internet-traffics-form-the-particular-device-except-some-websites#latest

PeterUK · February 2019

I can't see how like *.outlook.com would work for the FQDN type address object because how would it know what to lookup the IP for like test1.outlook.com or test2.outlook.com and so on?

zyman2008 · February 2019

Hi @PeterUK,
ZyWALL will inspect the response of DNS query to get IP addresses.
Here you can test,
1. Create a wildcard FQDN address object "*.outlook.com"
2. Create a firewall rule and select this FQDN address object as destination.
3. Query "www.outlook.com" or "autodiscover.outlook.com" from PC behind ZyWALL
4. Login ZyWALL GUI, go to Monitor > System Status > FQDN Object
You will get IP addresses what ZyWALL inspected.

Here my test,

Since there are more and more cloud based applications that could hosted on the same cloud instance(same IP address). It might block other applications with same IP address.
So that I'd prefer to use Content filter to block web request.

drouboyboy · February 2019

Hi,

It works also fine for me with several wildcard.

zyman2008, thanks a lot for your answer!

Seb.

PeterUK · February 2019

Still don't get how it works unless you do the request to ZyWALL? Since I have a bind server requests are done by it unless the ZyWALL transparently ever on a bridge listens for DNS queries and then maps for "*.outlook.com" FQDN address object?

Currently my understanding of FQDN address object is it pre looks up the address like for outlook.com without you doing a lookup.

Edit I think I just answered my own question! really cool how it works!

Zywall 110 - Declare a wildcard FQDN in object?

Best Answers

All Replies

Categories

Security Highlight

Security Help Center