Configure an FQDN host
You can configure fully qualified domain name (FQDN) hosts on Sophos Firewall.
You can use FQDN hosts when you configure rules, policies, and settings, such as firewall rules, SD-WAN policy routes, and VPN settings.
Information about FQDN hosts
FQDN hosts make managing hosts and IP addresses easier:
- FQDN hosts can resolve to multiple IP addresses.
- You aren't required to remember IP addresses.
- Sophos Firewall optimizes security by basing actions in firewall rules on FQDN hosts.
You can use wildcard FQDN hosts, which Sophos Firewall resolves when it's configured as the DNS server. For Sophos Firewall to resolve wildcard FQDNs, DNS requests must be sent over UDP rather than TCP.
You can configure FQDN hosts for the following objects:
- Mail servers
- Proxy servers
- DNS hosts
- External authentication servers, such as AD and LDAP
- Remote access VPN endpoints
- Web servers
- Syslog servers
FQDN hosts don't support multiple domains that resolve to a single IP address. For example, test.com and example.com can't both resolve to 192.0.2.1.
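One way to check a planned set of FQDN hosts against this limitation before adding them, as an added example that is not part of the Sophos documentation. The function names and the sample DNS data are constructed for illustration, and the resolver the firewall uses may return different answers than the machine that runs the script.

```python
import socket
from collections import defaultdict


def resolve_system(fqdn):
    """Resolve an FQDN to its set of IP addresses using the system resolver."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()  # unresolvable names own no addresses
    return {info[4][0] for info in infos}


def find_shared_ips(fqdns, resolve=resolve_system):
    """Return {ip: sorted FQDNs} for every IP that more than one FQDN resolves to."""
    owners = defaultdict(set)
    for fqdn in fqdns:
        # Normalise case and the trailing dot so one name is not counted twice.
        name = fqdn.strip().rstrip(".").lower()
        if not name:
            continue
        for ip in resolve(name):
            owners[ip].add(name)
    return {ip: sorted(names) for ip, names in owners.items() if len(names) > 1}


# Constructed sample answers (documentation-range addresses), used in place of
# live DNS so the example runs offline.
SAMPLE_DNS = {
    "test.com": {"192.0.2.1"},
    "example.com": {"192.0.2.1", "192.0.2.2"},
    "mail.example.com": {"192.0.2.10", "192.0.2.11"},
}


def resolve_sample(fqdn):
    """Hypothetical resolver backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(fqdn, set())


if __name__ == "__main__":
    planned = ["test.com", "Example.com.", "mail.example.com"]
    # Pass resolve=resolve_system (the default) to query real DNS instead.
    for ip, names in sorted(find_shared_ips(planned, resolve_sample).items()):
        print(f"{ip} is shared by: {', '.join(names)}")
```

An FQDN that resolves to several addresses, such as mail.example.com in the sample data, is not reported; only an address claimed by more than one domain is.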
How to add an FQDN host
You can create, edit, and delete FQDN hosts.
To configure a new FQDN host, do as follows:
- Go to Hosts and services > FQDN host and click Add.
- Enter your FQDN host settings.
| Setting | Description |
| --- | --- |
| Name | Enter a name for the FQDN host. |
| FQDN | Enter a fully qualified domain name for the host. |
| FQDN host group | Select a host group from the list, or create a new group. An FQDN host can belong to more than one FQDN host group. |
Here's an example of the FQDN host settings.