Traffic is not hitting the rule having Context profile (with the Domain(FQDN) Name attribute)

Article ID: 383654

Products

VMware vDefend Firewall

Issue/Introduction

  • FQDN filtering is configured.
  • When searching for a wildcard FQDN (e.g., *.example.com) that is in the allowed FQDN list of the context profile, the rule that uses the context profile is skipped.
  • For example, when attempting to browse mail.google.com from the source VM, the DFW rule containing the context profile is bypassed, and the next matched rule is applied instead.
  • VMs may be unable to reach the websites (the FQDNs listed in the context profile) if the next matched rule has a deny action.

Environment

VMware NSX 3.x and 4.x

Resolution

You need to configure the 'Domain (FQDN) Name' attribute type with a wildcard FQDN (e.g., *.example.com) by using the Add FQDN feature. For example, to configure all subdomains of google.com, you would enter *.google.com in the list.

You also need to add the base domain, such as google.com, along with the wildcard FQDN (*.google.com), as shown in the screenshot below.

Click on ADD and Apply.
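
The following Python check is an added example, not part of the original article or of any VMware tooling. It flags context profiles whose Domain (FQDN) Name list contains a wildcard entry without the matching base domain. The JSON shape (display_name, attributes, key DOMAIN_NAME) is an assumption about how the profiles were exported, and the sample data is constructed.

```python
import json

# Constructed sample; the field names are an assumed export format
# ("display_name", "attributes" entries with key "DOMAIN_NAME").
SAMPLE_PROFILES = json.loads("""
[
  {"display_name": "allow-google",
   "attributes": [{"key": "DOMAIN_NAME", "datatype": "STRING",
                   "value": ["*.google.com"]}]},
  {"display_name": "allow-example",
   "attributes": [{"key": "DOMAIN_NAME", "datatype": "STRING",
                   "value": ["*.Example.com", "example.com."]},
                  {"key": "APP_ID", "datatype": "STRING", "value": ["SSL"]}]}
]
""")


def normalize(fqdn):
    """Lower-case the name and strip whitespace and a trailing root dot."""
    return fqdn.strip().lower().rstrip(".")


def missing_base_domains(profile):
    """Return base domains whose wildcard is listed without the base itself."""
    listed = set()
    for attr in profile.get("attributes", []):
        if attr.get("key") == "DOMAIN_NAME":
            listed.update(normalize(v) for v in attr.get("value", []))
    wildcards = {d for d in listed if d.startswith("*.")}
    return sorted(w[2:] for w in wildcards if w[2:] not in listed)


def audit(profiles):
    """Map profile name to the base domains that still need to be added."""
    findings = {}
    for profile in profiles:
        missing = missing_base_domains(profile)
        if missing:
            findings[profile.get("display_name", "<unnamed>")] = missing
    return findings


if __name__ == "__main__":
    for name, domains in audit(SAMPLE_PROFILES).items():
        print(f"{name}: add base domain(s) {', '.join(domains)}")
```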