Firewall Policy with Aliases using FQDN

Hi there,

I have a Firewall Policy that is allowing Internet access to the users on our Citrix machines. So, I thought I could use the FQDN of the Citrix hosts here. No luck. This policy only works when I use the Host IP address.

Shouldn't the FQDN also work? I am using hostname.domain.local. DNS works ok.


  • Options

    Yes, that -should- work. Have you tested the DNS from System Manager -> System Manager -> Tools -> DIagnostic Tasks? You may need to alter your DNS policy.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    I'd suggest checking the diagnostic tasks
    (In firebox system manager, Tools -> Diagnostic tasks, select DNS lookup.)
    (In WebUI, system status -> Diagnostics, network tab. Choose DNS lookup.)
    Can the firewall resolve the name that you're using in the FQDN?

    The firewall will use whatever DNS server is populated first in the global network settings. If that's an external DNS server, your lookup will likely fail or be incorrect.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.