Usecase of existing FQDN hosts

Hey everyone!

I've been working with the XG Firewall for about a week now and am still excited about all the nice features and just how it looks.

I want to know if it's okay to delete the predefined FQDN hosts, because the long list of suggestions is more annoying than helpful when creating new policies. Via System > Hosts and Services > FQDN hosts I'd be allowed to delete them, but would this possibly interfere with an important component and restrict my XG in its functionality? Why is there such a large list of predefined hosts?

Thanks for your help in advance!

Best regards,
Leon



  • FormerMember

    Hi intrusus,

    It is not advisable to delete predefined FQDN hosts; deleting them might cause some issues. If going through the long list is the issue, you might want to use the search feature to sort the required FQDN host.

    These details are in the help section of the FQDN page:

    The FQDN host page displays the list of all the available FQDN hosts.

    FQDN (fully qualified domain name) hosts allow entities to be defined once and be re-used in multiple referential instances throughout the configuration. For example, www.example.com has an IP address as 192.168.1.15. Rather than remembering the IP address of the intended website while accessing it, you can simply type www.example.com in the browser. The FQDN www.example.com will now be mapped to its respective IP address, and the intended webpage opens. 

    Thanks,

  • Then I don't get it, if I don't use them in any rule, why would I want them?

    Sophos is doing 111115 DNS requests per day to the FQDN list for nothing, because I am not using them, or I only use a couple that I have added manually.

  • Are you sure that the XG does these requests per day without any reason?
    I think this is just a list for creating rules, and if traffic comes in / goes out and XG checks the traffic against all rules, then it will try to resolve these names if there is any rule containing these hosts.

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 20.X running on Proxmox

    If a post solves your question use the 'Verify Answer' link

  • Yes, I am sure. I guess Sophos XG will periodically ping all these domains to keep the IP updated.

  • XG will basically update all objects to have the current TTL value all the time.

    The point is, it is way harder to implement a "Is this object used" than simply query the TTL of all objects. 

    DNS (FQDN) Hosts can be used in many ways on XG (as well as Web Queries). And to have this in the local storage.

    There are no Pings to update them. Instead simple DNS Requests according to the TTL. 
