End users trying to access a domain for which they have already created a firewall rule are unable to reach the domain.
domain.com but subdomain.domain.com does not resolve with the firewall Connector, or vice versa.
When a DNS entry (e.g., domain.com) is configured for a firewall Connector, the firewall only matches the exact FQDN and not sub-domains beneath it. Therefore, when an end user looks up subdomain.domain.com, the DNS rules will bypass the internal DNS resolver and try to resolve it using a public DNS resolver, which fails.
Navigate from Cloud Secure Edge > Access Settings > Network > Configure Connector.
In your firewall Connector configuration, select +Add and enter both the base domain (i.e., domain.com) and the wildcard domain (i.e., *.domain.com).
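
The following added example (not vendor code) models the matching behavior described above and lists the entries a Connector domain list is missing, so you can review a configuration before users hit the failure. The function names are hypothetical, and it assumes a wildcard entry covers sub-domains at any depth but never the base domain itself.

```python
def normalize(name):
    """Lower-case and drop a trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")


def entry_matches(entry, fqdn):
    """Exact entries match only the same FQDN; '*.x' matches names below x."""
    entry, fqdn = normalize(entry), normalize(fqdn)
    if entry.startswith("*."):
        # ".domain.com" suffix check: matches a.domain.com, not domain.com
        return fqdn.endswith(entry[1:])
    return fqdn == entry


def resolver_for(entries, fqdn):
    """Which resolver a lookup ends up at, per the behavior described above."""
    matched = any(entry_matches(e, fqdn) for e in entries)
    return "internal" if matched else "public"


def coverage_gaps(entries):
    """Return the entries to add so every domain has both base and wildcard."""
    have = {normalize(e) for e in entries}
    missing = set()
    for e in have:
        base = e[2:] if e.startswith("*.") else e
        if base not in have:
            missing.add(base)  # wildcard present, base domain missing
        # Probe a name one label below the base (constructed probe label).
        if resolver_for(have, "probe." + base) == "public":
            missing.add("*." + base)  # base present, no wildcard covers it
    return sorted(missing)


if __name__ == "__main__":
    configured = ["domain.com"]  # constructed sample Connector entry list
    for host in ("domain.com", "subdomain.domain.com"):
        print(host, "->", resolver_for(configured, host))
    print("add:", coverage_gaps(configured))
```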