Wildcard FQDN does seem to work with adding to alias for policies
We recently added another ISP for our office, and instead of pushing that new IP out to every box, we were going to add an A record and push out a wildcard FQDN to the allowed list for MGMT and WebUI from there. It seems, though, that if we add *.example.com this will not work until the A record we're trying to access has been resolved internally on the Firebox side. But if we add the actual A record itself (a.example.com, for instance), it works without issue.
Tested across at least 7 different Fireboxes, varying in model and firmware version. Does anyone have any ideas on this? I would really rather not have to add 6 FQDNs to the aliases when one wildcard would cover them all.
If we need to run a DNS lookup locally before these will work, can anyone say how long the response would be cached before we would have to do it again?
- Please note: all the Fireboxes tested used an external DNS server for their DNS resolution, as not all of the Fireboxes have a local DNS server to use.
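The behaviour described in the post (a wildcard member matching nothing until a name under it has been resolved, an exact name matching right away, and the question of how long a learned answer lasts) is modelled below as an added example. This is not code from the post or from WatchGuard, and the Firebox's real internals are not documented here; the model assumes two things that are mine, not the poster's: that an FQDN alias member can only match an IP the device has already seen in a DNS answer, and that a learned name-to-IP mapping is kept for the TTL carried in that answer. The DNS response is constructed inline (a real reply captured from UDP port 53 can be fed to `parse_a_answers` unchanged), and the names and addresses are placeholders.

```python
"""Added example, not from the post or from WatchGuard: a stdlib-only DNS
A-record parser plus a small model of how an FQDN alias member might match.
Assumptions (mine, not confirmed by the poster or vendor documentation):
a member only matches IPs already seen in a DNS answer, and a learned
mapping is kept for that answer's TTL."""
import socket
import struct
from fnmatch import fnmatchcase


def _encode_name(name):
    """Wire-encode a DNS name: length-prefixed labels, zero terminator."""
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.split(".")) + b"\x00"


def _read_name(msg, offset):
    """Decode a (possibly compressed) name at offset; return (name, next_offset)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:          # compression pointer to an earlier name
            if end is None:
                end = offset + 2           # the pointer is the last thing in this name
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower(), (offset if end is None else end)


def parse_a_answers(msg):
    """Return [(name, ip, ttl)] for each IN A record in the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    offset = 12
    for _ in range(qdcount):               # skip the question section
        _, offset = _read_name(msg, offset)
        offset += 4                        # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        name, offset = _read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            records.append((name, socket.inet_ntoa(rdata), ttl))
    return records


def build_a_response(name, ip, ttl, txid=0x1234):
    """Construct a minimal DNS response (test data built here, not a capture)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, 1 Q, 1 answer
    question = _encode_name(name) + struct.pack("!HH", 1, 1)     # A, IN
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer


class FqdnAlias:
    """Hypothetical model of one alias member such as 'a.example.com' or '*.example.com'."""

    def __init__(self, pattern):
        self.pattern = pattern.lower()
        self.learned = {}                  # ip -> (name, expiry timestamp)

    def learn(self, dns_response, now):
        """Record every A answer whose name matches the pattern, valid for its TTL."""
        for name, ip, ttl in parse_a_answers(dns_response):
            if fnmatchcase(name, self.pattern):
                self.learned[ip] = (name, now + ttl)

    def remaining(self, ip, now):
        """Seconds until the learned mapping for ip lapses (0 if unknown or expired)."""
        entry = self.learned.get(ip)
        return max(0, entry[1] - now) if entry else 0

    def matches(self, ip, now):
        return self.remaining(ip, now) > 0


def demo():
    """Reproduce the post's observation with a fixed clock and constructed data."""
    now, ip = 1_700_000_000, "203.0.113.10"      # placeholder clock and address
    wildcard, exact = FqdnAlias("*.example.com"), FqdnAlias("a.example.com")
    before = wildcard.matches(ip, now)           # nothing resolved yet
    reply = build_a_response("a.example.com", ip, 300)
    wildcard.learn(reply, now)
    exact.learn(reply, now)
    return {
        "before_resolution": before,
        "wildcard_after": wildcard.matches(ip, now),
        "exact_after": exact.matches(ip, now),
        "ttl_seconds": wildcard.remaining(ip, now),
        "wildcard_after_ttl": wildcard.matches(ip, now + 300),
    }


if __name__ == "__main__":
    print(demo())
```

Under these assumptions the wildcard member cannot match the new IP until some host has resolved a name under *.example.com through a path the Firebox sees, and the only lifetime the device has to go on is the TTL in that answer, so the record's TTL is the figure to check when deciding how often the lookup would have to be repeated.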