Synchronize wildcard FQDN resolved addresses to autoscale peers
This enhancement synchronizes the resolved IP addresses of wildcard FQDN firewall addresses to the other members of an autoscale group whenever any peer learns a new address for a wildcard FQDN. Because wildcard FQDN addresses are populated from DNS responses a FortiGate sees rather than by periodic lookup, a member that has not yet observed a given response would otherwise lack the address, and a policy that references it would not match on that member.
The following example uses an AWS deployment.
To synchronize wildcard FQDN resolved addresses to autoscale peers:
- Configure an FG-AWS autoscale group with one primary and two secondary FortiGates (see Deploying autoscaling on AWS in the AWS Administration Guide).
- On the primary FortiGate, configure a wildcard FQDN firewall address for *.cnn.com (see Using wildcard FQDN addresses in firewall policies in the FortiOS Administration Guide). The configuration is synchronized to all autoscale peers.
To verify the wildcard FQDN resolved address synchronization:
- On the primary FortiGate, ping www.cnn.com so that the FortiGate resolves a name matching the wildcard:
# execute ping www.cnn.com
PING turner-tls.map.fastly.net (***.232.65.67): 56 data bytes
64 bytes from ***.232.65.67: icmp_seq=0 ttl=52 time=0.4 ms
64 bytes from ***.232.65.67: icmp_seq=1 ttl=52 time=0.4 ms
- View the list of resolved IP addresses of wildcard FQDN objects:
# diagnose firewall fqdn list
List all FQDN:
*.cnn.com: ID(4) ADDR(***.232.65.67)
- On the secondary-1 FortiGate, view the list of resolved IP addresses of wildcard FQDN objects:
# diagnose firewall fqdn list
List all FQDN:
*.cnn.com: ID(4) ADDR(***.232.65.67)
- On the secondary-2 FortiGate, view the list of resolved IP addresses of wildcard FQDN objects:
# diagnose firewall fqdn list
List all FQDN:
*.cnn.com: ID(4) ADDR(***.232.65.67)
- On each FortiGate (Primary, Secondary-1 and Secondary-2), go to Policy & Objects > Addresses and hover over the FQDN address to view the resolved IP. All three members show the same address as the primary.
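Comparing the diagnose output of three members by eye does not scale once several wildcard FQDNs each hold many addresses. The following Python script is an added example (not part of the original page or of FortiOS) that parses the output of diagnose firewall fqdn list collected from each peer and reports, per peer and per FQDN, which addresses are missing or extra relative to the primary. The sample outputs are constructed here with RFC 5737 placeholder addresses; the script assumes that when an FQDN has several resolved addresses they appear as repeated ADDR(...) tokens on the same line, which is an assumption about the format beyond the single-address lines shown above. How the text is collected (SSH, the GUI CLI console, or an automation tool) is left to the reader.

```python
import re
from typing import Dict, Set, Tuple

# Constructed sample output of "diagnose firewall fqdn list" from each autoscale
# member. Addresses are RFC 5737 placeholders; secondary-2 is deliberately one
# address behind to show what a synchronization gap looks like.
SAMPLE_OUTPUTS: Dict[str, str] = {
    "primary": """List all FQDN:
*.cnn.com: ID(4) ADDR(198.51.100.67) ADDR(198.51.100.68)
*.example.net: ID(5) ADDR(203.0.113.10)
""",
    "secondary-1": """List all FQDN:
*.cnn.com: ID(4) ADDR(198.51.100.67) ADDR(198.51.100.68)
*.example.net: ID(5) ADDR(203.0.113.10)
""",
    "secondary-2": """List all FQDN:
*.cnn.com: ID(4) ADDR(198.51.100.67)
*.example.net: ID(5) ADDR(203.0.113.10)
""",
}

# One entry per line: "<fqdn>: ID(<n>) ADDR(<ip>) ADDR(<ip>) ..." (assumed format
# for multiple addresses; the single-address form matches the page's output).
LINE_RE = re.compile(r"^(?P<name>\S+): ID\((?P<id>\d+)\)(?P<addrs>(?: ADDR\([^)]*\))*)\s*$")
ADDR_RE = re.compile(r"ADDR\(([^)]*)\)")


def parse_fqdn_list(text: str) -> Dict[str, Set[str]]:
    """Return {fqdn: set of resolved IPs} from 'diagnose firewall fqdn list' output.

    Header lines such as "List all FQDN:" and anything not matching the entry
    format are ignored rather than treated as an error.
    """
    result: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        result[m.group("name")] = set(ADDR_RE.findall(m.group("addrs")))
    return result


def find_mismatches(
    outputs: Dict[str, str], reference: str = "primary"
) -> Dict[str, Dict[str, Tuple[Set[str], Set[str]]]]:
    """Compare every peer's resolved sets against the reference member.

    Returns {peer: {fqdn: (missing_on_peer, extra_on_peer)}}; peers that match
    the reference exactly are absent from the result.
    """
    ref = parse_fqdn_list(outputs[reference])
    mismatches: Dict[str, Dict[str, Tuple[Set[str], Set[str]]]] = {}
    for peer, text in outputs.items():
        if peer == reference:
            continue
        peer_map = parse_fqdn_list(text)
        # Union of names so an FQDN present on only one side is still reported.
        for fqdn in sorted(set(ref) | set(peer_map)):
            ref_ips = ref.get(fqdn, set())
            peer_ips = peer_map.get(fqdn, set())
            if ref_ips != peer_ips:
                mismatches.setdefault(peer, {})[fqdn] = (ref_ips - peer_ips, peer_ips - ref_ips)
    return mismatches


def report(outputs: Dict[str, str], reference: str = "primary") -> str:
    """Human-readable summary of find_mismatches()."""
    mm = find_mismatches(outputs, reference)
    if not mm:
        return f"all peers match {reference}"
    lines = []
    for peer, per_fqdn in mm.items():
        for fqdn, (missing, extra) in per_fqdn.items():
            lines.append(
                f"{peer}: {fqdn} missing={sorted(missing)} extra={sorted(extra)}"
            )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_OUTPUTS))
```

A single missing address on one member is expected for a short time after a new DNS response is seen; a mismatch that persists across several runs is the condition worth alerting on, since traffic to that address would be handled differently depending on which member it lands on.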