Configure an FQDN host

You can configure fully qualified domain name (FQDN) hosts on Sophos Firewall.

Introduction

You can use FQDN hosts when you configure rules, policies, and settings, such as firewall rules, SD-WAN policy routes, and VPN settings.

Information about FQDN hosts

FQDN hosts make managing hosts and IP addresses easier:

  • FQDN hosts can resolve to multiple IP addresses.
  • You aren't required to remember IP addresses.
  • Sophos Firewall optimizes security by basing actions in firewall rules on FQDN hosts.

Note

Sophos Firewall can resolve wildcard FQDN hosts when it's configured as the DNS server. For Sophos Firewall to resolve wildcard FQDNs, DNS requests must be sent over UDP rather than TCP.

You can configure FQDN hosts for the following objects:

  • Mail servers
  • Proxy servers
  • DNS hosts
  • External authentication servers, such as AD and LDAP
  • Remote access VPN endpoints
  • Web servers
  • Syslog servers

Note

FQDN hosts don't support multiple domains that resolve to a single IP address. For example, test.com and example.com can't both resolve to 192.0.2.1.
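
The following added example (not Sophos code) is one way to check a planned set of FQDN hosts against this restriction before you create them: it groups resolved IP addresses by name and reports any address that more than one FQDN resolves to. The function names and the sample resolution data are assumptions constructed for illustration; wildcard entries are only listed, because they can't be looked up directly.

```python
import socket
from collections import defaultdict

def resolve(fqdn):
    """Live lookup: return the set of IP addresses the FQDN resolves to."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def find_shared_ips(resolutions):
    """Return {ip: [fqdns]} for every IP that more than one FQDN resolves to."""
    by_ip = defaultdict(set)
    for fqdn, ips in resolutions.items():
        for ip in ips:
            by_ip[ip].add(fqdn.lower().rstrip("."))
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}

def audit(planned, resolver=resolve):
    """Check planned FQDN hosts; wildcards are listed, not resolved."""
    wildcards = sorted(f for f in planned if f.startswith("*."))
    concrete = [f for f in planned if not f.startswith("*.")]
    resolutions = {f: set(resolver(f)) for f in concrete}
    return {
        "shared_ips": find_shared_ips(resolutions),
        "unresolved": sorted(f for f, ips in resolutions.items() if not ips),
        "wildcards": wildcards,
    }

# Constructed sample answers (documentation address ranges), so the example runs offline.
SAMPLE = {
    "test.com": {"192.0.2.1"},
    "example.com": {"192.0.2.1", "192.0.2.7"},
    "mail.example.net": {"198.51.100.25"},
    "ldap.example.org": set(),
}
PLANNED = list(SAMPLE) + ["*.example.com"]

def sample_resolver(fqdn):
    return SAMPLE.get(fqdn, set())

if __name__ == "__main__":
    report = audit(PLANNED, resolver=sample_resolver)
    for ip, names in report["shared_ips"].items():
        print(f"CONFLICT {ip}: {', '.join(names)}")
    print("unresolved:", report["unresolved"])
    print("wildcards (not checked):", report["wildcards"])
```

Call audit() without the resolver argument to use live DNS lookups from the machine you run it on.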

How to add an FQDN host

You can create, edit, and delete FQDN hosts.

To configure a new FQDN host, do as follows:

  1. Go to Hosts and services > FQDN host and click Add.
  2. Enter your FQDN host settings.

    Setting          Description
    Name             The name you give to the FQDN host. Example: example.com
    FQDN             The host's fully qualified domain name. Example: *.example.com
    FQDN host group  Select a host group from the list, or create a new group.

    Note

    An FQDN host can belong to more than one FQDN host group.

    The following image shows example settings.

    [Image: Example FQDN host settings]

  3. Click Save.