Configure an FQDN host
You can configure fully qualified domain name (FQDN) hosts on Sophos Firewall.
Introduction
You can use FQDN hosts when you configure rules, policies, and settings, such as firewall rules, SD-WAN policy routes, and VPN settings.
Information about FQDN hosts
FQDN hosts make managing hosts and IP addresses easier:
- FQDN hosts can resolve to multiple IP addresses.
- You aren't required to remember IP addresses.
- Sophos Firewall optimizes security by basing actions in firewall rules on FQDN hosts.
Note
You can use wildcard FQDN hosts. Sophos Firewall resolves them when it's configured as the DNS server, and the DNS requests must be sent over UDP rather than TCP.
You can configure FQDN hosts for the following objects:
- Mail servers
- Proxy servers
- DNS hosts
- External authentication servers, such as AD and LDAP
- Remote access VPN endpoints
- Web servers
- Syslog servers
Note
FQDN hosts don't support multiple domains that resolve to a single IP address. For example, test.com and example.com can't both resolve to 192.0.2.1.
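A pre-check for the restriction in the note above, as an added example that is not Sophos code: it groups planned FQDN hosts by the addresses they resolve to and reports every address shared by more than one name. The function names and the sample resolution data are constructed for illustration. `resolve()` uses the local resolver, which may return different answers from the firewall's.

```python
import ipaddress
import socket
from collections import defaultdict


def resolve(fqdn):
    """Return the addresses the local resolver gives for fqdn (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def shared_addresses(resolutions):
    """Given {fqdn: iterable of IPs}, return {ip: sorted FQDNs} for every IP
    that more than one distinct FQDN resolves to."""
    by_ip = defaultdict(set)
    for fqdn, addrs in resolutions.items():
        # DNS names are case-insensitive and may carry a trailing root dot.
        name = fqdn.lower().rstrip(".")
        for addr in addrs:
            # Canonicalize so different spellings of one IPv6 address compare equal.
            by_ip[ipaddress.ip_address(addr)].add(name)
    return {str(ip): sorted(names) for ip, names in by_ip.items() if len(names) > 1}


# Constructed sample data (documentation address ranges), not real lookups.
SAMPLE = {
    "test.com": ["192.0.2.1"],
    "example.com": ["192.0.2.1", "198.51.100.7"],
    "EXAMPLE.com.": ["198.51.100.7"],  # same name as example.com once normalized
    "mail.example.net": ["203.0.113.25"],
    "v6a.example.org": ["2001:db8::1"],
    "v6b.example.org": ["2001:DB8:0:0:0:0:0:1"],  # same address, different spelling
}

if __name__ == "__main__":
    for ip, names in sorted(shared_addresses(SAMPLE).items()):
        print(f"{ip} is shared by: {', '.join(names)}")
    # For live data, build the input with: {name: resolve(name) for name in planned_names}
```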
How to add an FQDN host
You can create, edit, and delete FQDN hosts.
To configure a new FQDN host, do as follows:
- Go to Hosts and services > FQDN host and click Add.
- Enter your FQDN host settings.

  | Setting | Description |
  |---|---|
  | Name | The name you give to the FQDN host. Example: example.com |
  | FQDN | The host's fully qualified domain name. Example: *.example.com |
  | FQDN host group | Select a host group from the list, or create a new group. Note: An FQDN host can belong to more than one FQDN host group. |

- Click Save.