On my SonicWall, if I create a rule for media.pearsoncmg.com, I can write rules which allow or deny access no matter the underlying IP. Here's the definition SonicWall uses to describe the FQDN network object.

FQDN Address Objects are resolved using the DNS servers configured on the SonicWALL in the Network > DNS page. Since it is common for DNS entries to resolve to multiple IP addresses, the FQDN DAO resolution process will retrieve all of the addresses to which a host name resolves, up to 256 entries per AO. In addition to resolving the FQDN to its IPs, the resolution process will also associate the entry’s TTL (time to live) as configured by the DNS administrator. TTL will then be honored to ensure the FQDN information does not become stale.

On Tue, Aug 30, 2011 at 11:40 AM, Ben Scott <[email protected]> wrote:
> On Tue, Aug 30, 2011 at 9:50 AM, Richard Stovall <[email protected]> wrote:
>> I don't know about other firewalls, but recent SonicWalls allow you to
>> create network objects based on FQDN and then use those objects in
>> your rules.
>
> How does that cope with a CDN which might generate different IP
> addresses at any given time?
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
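
The resolution behaviour quoted in the definition above (all addresses kept, capped at 256 per object, refreshed when the TTL runs out), modelled as an added example that is not part of the original post and is not SonicWall code. The class name, the injected resolver, the constructed sample answers and the choice to refresh on the shortest TTL are assumptions.

```python
import ipaddress

MAX_ENTRIES = 256  # per-object cap quoted in the definition above


class FqdnAddressObject:
    """Toy model of an FQDN address object (hypothetical class, not SonicWall code)."""

    def __init__(self, fqdn, resolver):
        self.fqdn = fqdn
        self.resolver = resolver      # callable(fqdn, now) -> [(ip, ttl_seconds), ...]
        self.addresses = set()
        self.expires_at = None        # None means "never resolved yet"

    def refresh(self, now):
        # Keep every address in the answer, up to the cap.
        records = self.resolver(self.fqdn, now)[:MAX_ENTRIES]
        self.addresses = {ipaddress.ip_address(ip) for ip, _ in records}
        # Assumption: re-resolve when the shortest TTL in the answer runs out.
        self.expires_at = now + min((ttl for _, ttl in records), default=0)

    def matches(self, ip, now):
        # Honor the TTL: a stale (or never resolved) object is refreshed first.
        if self.expires_at is None or now >= self.expires_at:
            self.refresh(now)
        return ipaddress.ip_address(ip) in self.addresses


def constructed_cdn_resolver(fqdn, now):
    """Constructed sample data: a CDN that hands out a new address pair after 30 s."""
    if now < 30:
        return [("192.0.2.10", 30), ("192.0.2.11", 30)]
    return [("198.51.100.20", 30), ("198.51.100.21", 30)]


def demo():
    obj = FqdnAddressObject("media.pearsoncmg.com", constructed_cdn_resolver)
    return [
        obj.matches("192.0.2.10", now=0),      # in the first answer
        obj.matches("198.51.100.20", now=10),  # not in the cached set, TTL still valid
        obj.matches("198.51.100.20", now=31),  # TTL expired, object re-resolved
        obj.matches("192.0.2.10", now=31),     # old address dropped from the object
    ]


if __name__ == "__main__":
    print(demo())
```
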
