Firewall rules using fully qualified domain names fail to match
Last Modified: 2022-03-10 05:29:13 Etc/GMT
Technical Articles ID:
KB87125
Environment
Endpoint Security (ENS) Firewall 10.x
Problem
Firewall rules that contain fully qualified domain name (FQDN) remote matches for inbound or outbound traffic aren't matched. A match occurs only if the system has issued a DNS request for that FQDN host name.

Cause
This issue is a design limitation of the ENS DNS cache implementation. The DNS cache is built only from the DNS responses that ENS Firewall sees. DNS and WINS name lookups, or Windows "hosts" file name resolution, are needed to resolve the FQDN host name to an IP address. Unless the system itself performs the name resolution lookup, ENS Firewall doesn't cache the result, so traffic to an address that was never looked up by this system (for example, one taken from the hosts file or a hard-coded address in an application) is not matched by an FQDN rule. An FQDN host name entry within a firewall rule works only if the

Solution
To submit a new product idea, go to the Enterprise Customer Product Ideas page. Click Sign In and enter your ServicePortal User ID and password. If you don't yet have a ServicePortal or Community account, click Register to register for a new account on either website. For more information about product ideas, see KB60021 - How to submit a Product Idea.

Workaround
Use an IP address in place of an FQDN when you define inbound or outbound firewall rules. Because the rule then matches on the address rather than the name, review such rules whenever the remote host's address changes.
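As a companion to the workaround, the following PowerShell snippet is an added example (not code from the KB or from Trellix). It resolves a list of FQDNs to the A records an IP-based rule would need and flags hosts whose addresses are likely to change. The host names are placeholders; the snippet assumes a Windows system with the DnsClient module (Resolve-DnsName, available on Windows 8 / Server 2012 and later) and that the system can reach its configured DNS servers. The "Volatile" heuristic (multiple answers or a TTL under 300 s) is this example's own, not a product setting.

```powershell
# Added example, not part of the KB: resolve FQDNs to the IP addresses that an
# IP-based ENS Firewall rule would reference, and flag likely-changing hosts.
# Placeholder names; replace with the hosts your FQDN rules currently name.
$Fqdns = @('update.example.com', 'api.example.net')

function Get-FqdnRuleAddresses {
    param([string[]]$Names)

    foreach ($name in $Names) {
        try {
            # -DnsOnly bypasses the hosts file, LLMNR and NetBIOS, so the answer
            # comes from a real DNS query/response, the only source the KB says
            # the ENS DNS cache is built from.
            $records = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction Stop |
                       Where-Object { $_.QueryType -eq 'A' }
        } catch {
            Write-Warning "$name : resolution failed ($($_.Exception.Message))"
            continue
        }

        foreach ($r in $records) {
            [pscustomobject]@{
                Fqdn     = $name
                Address  = $r.IPAddress
                TtlSec   = $r.TTL
                # Heuristic (this example's own): several answers or a short TTL
                # usually means a load-balanced or CDN host whose addresses change,
                # so an IP-based rule for it will need periodic re-checking.
                Volatile = (@($records).Count -gt 1 -or $r.TTL -lt 300)
            }
        }
    }
}

Get-FqdnRuleAddresses -Names $Fqdns | Format-Table -AutoSize
```

Run it on the endpoint where the rules will apply, since that system's resolver view is what the rule will be compared against; rows marked Volatile are candidates for a broader address range or for a request that the vendor support FQDN matching for unresolved names via the product idea process above.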