FQDN Filtering not resolving DNS, even when using * wildcard

Article ID: 324561

Products

VMware vDefend Firewall

Issue/Introduction

  • FQDN filtering is configured.
  • A wildcard certificate is configured for a server group (*.example.com). The webpage never loads and/or an error is returned when website.com is queried.
  • It was also observed that it may work for a short period of time and then break.

Environment

VMware NSX 4.1.1

Resolution

This issue is resolved in VMware NSX 4.1.2.2.
This issue is resolved in VMware NSX 4.2.0.

Additionally, after the upgrade you will need to add a rule to associate .example.com requests. You will still need a wildcard entry for the site: *.example.com.


Workaround:

You can add a rule in NSX DFW to accommodate the website access.
For example: Source = *.example.com | Dest = Any | Service = Any | Context Profile = None | Applied To = DFW.
You can adjust Dest, Source, Service, and Applied To depending on which groups need access to the website.


Additional Information

Impact/Risks:

VMs/users may be unable to access a website.