Wildcard FQDNs for SSL deep inspection exemptions

6.0.0

As part of an improvement to SSL deep inspection, wildcard FQDN addresses are stored in two tables. The first is firewall address, the historic location for this information. The second is firewall wildcard-fqdn custom. The wildcard FQDN in firewall address is used by proxy-policy. The wildcard FQDN in firewall wildcard-fqdn custom is used by ssl-exempt in ssl-ssh-profile.

Note: During an upgrade from v5 to v6, all wildcard FQDNs in firewall address in the v5 configuration will be moved to firewall wildcard-fqdn custom. If a wildcard FQDN is used in a policy in v5, the upgrade process will leave a copy of that wildcard FQDN in firewall address in addition to the one in firewall wildcard-fqdn custom.

Syntax of the firewall wildcard-fqdn custom object:

    config firewall wildcard-fqdn custom
        edit <string_value>
            set uuid <string_value>
            set wildcard-fqdn <string_value>
            set color <integer 0-32>
            set comment <string_value>
            set visibility {enable|disable}
        next
    end

Syntax of the firewall wildcard-fqdn group object:

    config firewall wildcard-fqdn group
        edit "test-group"
            set uuid <string_value>
            set member <string_value> [<string_value>]
            set color 0
            set comment ''
            set visibility enable
        next
    end

Note: In the CLI, separate group members with a space.
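An added example, not part of the Fortinet documentation: a Python audit of a configuration backup that resolves each firewall wildcard-fqdn group to the patterns it exempts and lists members with no matching firewall wildcard-fqdn custom object. The object names, the example.com domains, the helper names parse_table and audit, and the "too broad" heuristic are assumptions made for illustration.

```python
import re

# Constructed sample in the syntax shown above (names and domains are made up).
SAMPLE = '''
config firewall wildcard-fqdn custom
    edit "updates"
        set wildcard-fqdn "*.update.example.com"
    next
    edit "too-broad"
        set wildcard-fqdn "*.com"
    next
end
config firewall wildcard-fqdn group
    edit "test-group"
        set member "updates" "too-broad" "missing-object"
    next
end
'''

def parse_table(config, table):
    """Return {entry name: {setting: [values]}} for one 'config <table>' block."""
    entries, inside, current = {}, False, None
    for line in config.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if words[:1] == ["config"]:
            inside, current = " ".join(words[1:]) == table, None
        elif words[:1] == ["end"]:
            inside = False
        elif inside and len(words) > 1 and words[0] == "edit":
            current = entries.setdefault(words[1], {})
        elif inside and len(words) > 2 and words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
    return entries

def audit(config):
    """Resolve each group to its patterns; list undefined members and broad patterns."""
    custom = parse_table(config, "firewall wildcard-fqdn custom")
    groups = parse_table(config, "firewall wildcard-fqdn group")
    report = {}
    for group, settings in groups.items():
        members = settings.get("member", [])
        patterns = [custom[m]["wildcard-fqdn"][0] for m in members
                    if custom.get(m, {}).get("wildcard-fqdn")]
        report[group] = {"patterns": patterns,
            "undefined": [m for m in members if m not in custom],
            # Assumed heuristic: a wildcard over a bare TLD (e.g. *.com) is too broad.
            "broad": [p for p in patterns if "." not in p.lstrip("*.")]}
    return report
```

Running audit() on a backup taken after the v5 to v6 upgrade shows which patterns each exemption group actually covers once the objects have moved tables.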
