firewall policy fqdn

XYLITOL · December 2

Hello.

Is it possible to specify a directory after the FQDN in a firewall policy?

Example .xylitol.com/

If I allow the FQDN (*.xylitol.com) in the firewall policy, will the *.xylitol.com/zzzzzzzz/xxxxxxxx/vvvvvv communication be allowed?

Bruce_Briggs · December 3

Q. Can I make SD-WAN work with HTTP proxy policy?
A. yes, but proxy actions can allow, deny or modify contents of the packet.
If the packet is allowed, then the SD-WAN action if any, is applied

You can't specify a SD-WAN action to a URL, such as FDQN/path.

SD-WAN is only for outgoing sessions.

What is your exact goal here?

Bruce_Briggs · December 2

No.
But you can specify a URL path on the HTTP proxy action.

XYLITOL · December 3

Thank you.
Can I make SD-WAN work with HTTP proxy policy?
If it can work, is the destination Any-External?
Does the actual destination and interface refer to the SD-WAN action and URL path respectively?

XYLITOL · 12:05AM

sorry.
I wanted to know if SD-WAN works with a URL.
That is why I asked the first question.

Bruce_Briggs · 1:21AM

The firewall routes packets based on IP addr.
FQDN entries in policies get resolved to IP addrs.

About Policies by Domain Name (FQDN)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/fqdn_about_c.html

firewall policy fqdn

Best Answer

Answers