
New Features

Synchronize wildcard FQDN resolved addresses to autoscale peers

This enhancement synchronizes the IP addresses resolved for a wildcard FQDN address object to all other autoscale members whenever one member learns a new address. A wildcard FQDN address only matches IPs the FortiGate has already seen resolved, so without this synchronization a member that has not observed the DNS response itself would not match that IP in firewall policies using the address, and policy enforcement would differ between members of the same autoscale group.

The following example uses an AWS deployment.

To synchronize wildcard FQDN resolved addresses to autoscale peers:
  1. Configure an FG-AWS autoscale group with one primary and two secondary FortiGates (see Deploying autoscaling on AWS in the AWS Administration Guide).
  2. On the primary FortiGate, configure a wildcard FQDN firewall address for *.cnn.com (see Using wildcard FQDN addresses in firewall policies in the FortiOS Administration Guide). The configuration will be synchronized between all autoscale peers.
To verify the wildcard FQDN resolved address synchronization:
  1. On the primary FortiGate, ping www.cnn.com so that a name matching the wildcard is resolved and its IP is learned:
    # execute ping www.cnn.com
    PING turner-tls.map.fastly.net (***.232.65.67): 56 data bytes
    64 bytes from ***.232.65.67: icmp_seq=0 ttl=52 time=0.4 ms
    64 bytes from ***.232.65.67: icmp_seq=1 ttl=52 time=0.4 ms
  2. View the list of resolved IP addresses of wildcard FQDN objects:
    # diagnose firewall fqdn list
    List all FQDN:
    *.cnn.com: ID(4) ADDR(***.232.65.67)
  3. On the secondary-1 FortiGate, view the list of resolved IP addresses of wildcard FQDN objects:
    # diagnose firewall fqdn list
    List all FQDN:
    *.cnn.com: ID(4) ADDR(***.232.65.67)
  4. On the secondary-2 FortiGate, view the list of resolved IP addresses of wildcard FQDN objects:
    # diagnose firewall fqdn list
    List all FQDN:
    *.cnn.com: ID(4) ADDR(***.232.65.67)
  5. On each FortiGate, go to Policy & Objects > Addresses and hover over the FQDN address to view the resolved IP. The same address should be shown on every member:
    1. Primary:

    2. Secondary-1:

    3. Secondary-2:

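The verification steps above compare `diagnose firewall fqdn list` output by eye on each member. The following script, added here as an example and not part of FortiOS or the Fortinet documentation, automates that comparison: it parses the text of `diagnose firewall fqdn list` collected from each member (over SSH, for example) and reports any wildcard FQDN whose resolved address set differs between members. The line format `<name>: ID(<n>) ADDR(<ip>) ...` with one `ADDR(...)` per learned IP, the member names, and the sample outputs (using RFC 5737 documentation addresses) are assumptions for illustration, not taken from the page.

```python
"""Check that wildcard FQDN resolved addresses agree across autoscale members.

Example code added to this page; not FortiOS code and not from the Fortinet
documentation. Input is the text printed by `diagnose firewall fqdn list` on
each member, collected out of band (e.g. over SSH).

Assumed output format (not stated on the page): one line per FQDN object,
`<name>: ID(<n>) ADDR(<ip>) ADDR(<ip>)...`, one ADDR(...) per resolved IP.
"""
import re
from typing import Dict, Set

# One `<name>: ID(n) ADDR(ip) ADDR(ip)...` line per FQDN object (assumed format).
_FQDN_LINE = re.compile(r"^(?P<name>\S+):\s+ID\((?P<id>\d+)\)(?P<rest>.*)$")
_ADDR = re.compile(r"ADDR\(([^)]+)\)")


def parse_fqdn_list(output: str) -> Dict[str, Set[str]]:
    """Map each FQDN/wildcard name to the set of IPs the member has learned."""
    resolved: Dict[str, Set[str]] = {}
    for line in output.splitlines():
        m = _FQDN_LINE.match(line.strip())
        if not m:
            continue  # header line ("List all FQDN:") or blank line
        addrs = set(_ADDR.findall(m.group("rest")))
        resolved.setdefault(m.group("name"), set()).update(addrs)
    return resolved


def compare_members(outputs: Dict[str, str]) -> Dict[str, Dict[str, Set[str]]]:
    """Return {fqdn: {member: missing_ips}} for every FQDN that is out of sync.

    An FQDN counts as in sync when every member holds the union of all IPs
    seen by any member. A member missing an IP would not match that IP in a
    policy that uses the address, so enforcement would differ per member.
    """
    per_member = {name: parse_fqdn_list(text) for name, text in outputs.items()}
    all_fqdns = set().union(*(d.keys() for d in per_member.values()))
    drift: Dict[str, Dict[str, Set[str]]] = {}
    for fqdn in sorted(all_fqdns):
        union = set().union(*(d.get(fqdn, set()) for d in per_member.values()))
        for member, table in per_member.items():
            missing = union - table.get(fqdn, set())
            if missing:
                drift.setdefault(fqdn, {})[member] = missing
    return drift


# Constructed sample output for three members. IPs are RFC 5737 documentation
# addresses, not real resolutions; secondary-2 is deliberately one IP behind.
SAMPLE_OUTPUTS = {
    "primary": "List all FQDN:\n*.cnn.com: ID(4) ADDR(192.0.2.10) ADDR(192.0.2.11)\n",
    "secondary-1": "List all FQDN:\n*.cnn.com: ID(4) ADDR(192.0.2.10) ADDR(192.0.2.11)\n",
    "secondary-2": "List all FQDN:\n*.cnn.com: ID(4) ADDR(192.0.2.10)\n",
}

if __name__ == "__main__":
    drift = compare_members(SAMPLE_OUTPUTS)
    if not drift:
        print("all members in sync")
    for fqdn, members in drift.items():
        for member, missing in members.items():
            print(f"{fqdn}: {member} is missing {sorted(missing)}")
```

Run against output captured right after the ping in step 1, a member that has not yet received the synchronized address shows up with the missing IP; re-running after a short delay should report all members in sync. An empty result is the expected state for a healthy autoscale group.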