Domains

A Domain object represents a host or DNS domain by its name only. It is not necessary to have the IP address of the site.

You can use the Domain object in the source and destination columns of an Access Control Policy.

You can configure a Domain object in two ways:

• Select FQDN

  In the object name, use the Fully Qualified Domain Name (FQDN).

  Use the format .x.y.z (with a dot "." before the FQDN).

  For example, if you use .www.example.com then the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. matches www.example.com

  This option is supported for R80.10 and higher, and is the default. It is more accurate and faster than the non-FQDN option.

  The Security Gateway looks up the FQDN with a direct DNS query, and uses the result in the Rule Base All rules configured in a given Security Policy. Synonym: Rulebase..

  This option supports SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. Accept templates.

  Using Domain objects with this option in a rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. has no effect on the performance of the rule, or of the rules that come after it.

• Clear FQDN

  This option enforces the domain and its sub-domains.

  In the object name, use the format .x.y for the name.

  For example, use .example.com or .example.co.uk for the name.

  If you use .example.com, then the Security Gateway matches www.example.com and support.example.com

  The Security Gateway resolves the name using DNS reverse lookups, which can be inaccurate.

  The Security Gateway uses the result in the Rule Base, and caches the result to use again.