Block inbound domains by wildcard fqdn

m270 + 12.8.1

Can I make a rule to block inbound traffic using a wildcard domain?

eg,, etc

Looking here, I don't think so

When you define a domain name in your configuration, your Firebox performs forward DNS resolution for the specified domain and stores the IP address mappings. For wildcard domains such as *, the device performs forward DNS resolution on and


  • Looks like one can. Sorry to bother you.

    FWDeny, Denied, pri=4, disp=Deny, policy=EXCEPTION-Block-Inbound-00, protocol=http/tcp, src_ip=, src_port=3956, dst_ip=x.x.x.x, dst_port=80, dst_ip_nat=, src_intf=EXT-BUSINESS, dst_intf=INT-BUSINESS, rc=101, pckt_len=48, ttl=46, pr_info=offset 7 S 3574765286 win 25765, 3000-0148,, geo_src=USA; geo_dst=USA

    FQDN[156:1] domainID: 5,, refcnt: 1, Status: Perfect
    FQDN[156:1] IP Count: 24 , Sub-label: 23 , total-adding=32 , total-deleting=8 , total-earlydrop=0
    FQDN[156:1] Type: wildcard , Duration: 0 (s)
    FQDN[156:1] NS:, AA-Min-TTL: 3600, Duration: 0 (s), Update-count: 1
    FQDN[156:1] TTL: 3600(s), Flag: 00000600
    FQDN[156:1] In groups: fqdn:pol_35_from,

    Index Address TTL TTL-PKT AA Expiration FLAG Label CNAME
    [001] 3600 3600 AA remain 0h:30m:4s 00000057 scan-36a
    [002] 3600 3600 AA remain 0h:30m:4s 00000057 scan-44a


  • To be sure you get it....


  • james.carson Moderator, WatchGuard Representative

    Hi @Steve_E
    You can; however, the firewall will convert it to an IP table (as you noted in the FQDN dump in your reply). If it's a shared hosting service (think any service you can pay to host a webpage that doesn't give you a dedicated IP), you could potentially deny traffic to/from other hosts if they also resolve to those IPs.

    -James Carson
    WatchGuard Customer Support

  • So if I want to drop someone using shared hosting from getting in, what kind of rule works for that?

  • No such ability.
    The blocks are done by IP address.
    One either blocks all from that IP addr or allows all from that IP addr.
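The two answers above (James's note that a wildcard FQDN becomes an IP table, and the last reply that the block is by IP address only) can be checked before a rule goes live. The script below is an added example, not code from the thread or from WatchGuard: it uses a constructed DNS snapshot in place of the Firebox's forward resolution, expands a wildcard the way the firewall effectively does (names matching the pattern contribute their addresses), reports which other hostnames share those addresses and would be blocked as collateral, and parses a constructed FWDeny log line of the same shape as the one posted above to show that the decision keys on src_ip alone. All hostnames and addresses are made up (RFC 5737 documentation ranges).

```python
import re
import fnmatch
from ipaddress import ip_address

# Constructed DNS snapshot standing in for the firewall's forward resolution.
# Two "scan-*" names and an unrelated shop share one shared-hosting address.
RESOLVED = {
    "scan-36a.example.net": ["203.0.113.10"],
    "scan-44a.example.net": ["203.0.113.11"],
    "shop.example.org": ["203.0.113.10"],   # unrelated site on the same shared host
    "api.example.com": ["198.51.100.7"],
}

# Constructed log line in the FWDeny key=value layout shown in the thread.
SAMPLE_LOG = (
    "FWDeny, Denied, pri=4, disp=Deny, policy=EXCEPTION-Block-Inbound-00, "
    "protocol=http/tcp, src_ip=203.0.113.10, src_port=3956, dst_ip=192.0.2.5, "
    "dst_port=80, src_intf=EXT-BUSINESS, dst_intf=INT-BUSINESS, rc=101, "
    "pr_info=offset 7 S 3574765286 win 25765, geo_src=USA; geo_dst=USA"
)


def expand_wildcard(pattern, resolved=RESOLVED):
    """Build the IP table a wildcard FQDN rule turns into.

    Every name matching the pattern contributes its resolved addresses.
    Returns {ip: {names that resolved to it}} so overlaps stay visible.
    """
    table = {}
    for name, addrs in resolved.items():
        if fnmatch.fnmatchcase(name.lower(), pattern.lower()):
            for addr in addrs:
                table.setdefault(str(ip_address(addr)), set()).add(name)
    return table


def collateral(pattern, hosts_to_keep, resolved=RESOLVED):
    """Hosts outside the pattern that share an address with the deny table.

    These are the hosts an IP-based deny would also cut off (the shared
    hosting case described in the thread). Returns {host: {shared ips}}.
    """
    deny = expand_wildcard(pattern, resolved)
    hits = {}
    for host in hosts_to_keep:
        for addr in resolved.get(host, []):
            if addr in deny and host not in deny[addr]:
                hits.setdefault(host, set()).add(addr)
    return hits


def decision(src_ip, pattern, resolved=RESOLVED):
    """Policy outcome the way the firewall applies it: by source address only."""
    return "Deny" if str(ip_address(src_ip)) in expand_wildcard(pattern, resolved) else "Allow"


def parse_fwdeny(line):
    """Split an FWDeny line into its key=value fields (',' and ';' separated)."""
    fields = {}
    for token in re.split(r"[,;]\s*", line):
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def explain_deny(line, pattern, resolved=RESOLVED):
    """Return every hostname whose address equals the logged src_ip.

    The log only records the address; this shows which names (wanted and
    unwanted) the deny actually covered.
    """
    src = parse_fwdeny(line)["src_ip"]
    return sorted(expand_wildcard(pattern, resolved).get(src, set()) | {
        name for name, addrs in resolved.items() if src in addrs
    })


if __name__ == "__main__":
    pattern = "scan-*.example.net"
    print("deny table:", expand_wildcard(pattern))
    print("collateral:", collateral(pattern, ["shop.example.org", "api.example.com"]))
    print("decision for 203.0.113.10:", decision("203.0.113.10", pattern))
    print("names behind the logged src_ip:", explain_deny(SAMPLE_LOG, pattern))
```

Run `collateral()` against the hostnames you need reachable before enabling a wildcard deny; a non-empty result means the rule will block more than the names in the pattern, and the only remedy within an IP-based policy is to drop the shared address from the rule or accept the loss.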
