Forum Discussion
Is it possible to set rules by FQDN?
I'm searching for a firewall which can set outbound rules by FQDN.
If ANF can, I'd like to try it!!
I'd really appreciate it if you cooperate with me...
Thanks.
6 Replies
- Hannes_Rapp
Nimbostratus
As far as I'm aware, you will not be able to use an FQDN-based rule set in AFM. At this point you can only use FQDNs to define LTM objects, such as pool members.
- M_Quevedo_64392Historic F5 Account
From TMOS version 12.0 forward you can use FQDNs in AFM network firewall rules!
- Ed_Summers
Nimbostratus
Interesting! My caution to the original poster would be to verify functionality of this AFM capability versus your particular deployment. Have run into issues on some platforms when using FQDN/FQHN in policies, especially for those having a low TTL in their DNS record. Recommend reviewing how large your ruleset will be, including how many entries will have an FQDN, and speaking with your SE on how AFM will perform given these conditions.
- PhilWeke_278805
Nimbostratus
You need to set the cache value low if the TTL is low; the min is 10 minutes, which seems to work OK then.
Also, it looks like there is a hard limit of 256 entries allowed for all objects.
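
The low-TTL concern raised in the replies above, as an added example that is not part of any post and is not F5 code: a simplified model in which the firewall re-resolves each FQDN on a fixed timer while the DNS record changes every TTL. The 600-second refresh and the 256-entry limit are the figures reported in the thread; the hostnames, TTLs and function names are constructed for illustration.

```python
# Added example: a simplified model, not F5 code. Assumes the firewall
# re-resolves each FQDN on a fixed timer and the record changes every TTL.

REFRESH_S = 600      # 10-minute refresh interval mentioned in the thread
MAX_ENTRIES = 256    # entry limit reported in the thread (assumed here)

def record_version(t, ttl_s):
    """Which address set DNS is serving at second t (changes every TTL)."""
    return t // ttl_s

def stale_seconds(ttl_s, refresh_s=REFRESH_S, duration_s=3600):
    """Seconds in which the rule still holds an address set DNS has replaced."""
    stale, cached = 0, None
    for t in range(duration_s):
        if t % refresh_s == 0:                  # firewall refreshes its cache
            cached = record_version(t, ttl_s)
        if cached != record_version(t, ttl_s):  # rule no longer matches DNS
            stale += 1
    return stale

def audit(entries, refresh_s=REFRESH_S, max_entries=MAX_ENTRIES):
    """entries: {fqdn: ttl_s}. Returns (over_limit, {fqdn: stale fraction})."""
    at_risk = {}
    for fqdn, ttl_s in entries.items():
        if ttl_s < refresh_s:
            at_risk[fqdn] = stale_seconds(ttl_s, refresh_s) / 3600
    return len(entries) > max_entries, at_risk

# Constructed sample rule set (documentation-reserved names).
SAMPLE = {
    "cdn.example.com": 60,       # low TTL, changes every minute
    "api.example.net": 300,
    "mail.example.org": 3600,
}

if __name__ == "__main__":
    over, risky = audit(SAMPLE)
    print("over entry limit:", over)
    for name, frac in sorted(risky.items()):
        print(f"{name}: stale {frac:.0%} of the hour")
```

Feeding it the TTLs actually observed for the names in a planned rule set gives a rough figure to bring to the sizing conversation with the SE.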