Quote:
Originally Posted by henba  Have several NGX(R65). I need to ask if anyone in CPUG can help me. What I need to do is to create a rule to limit several hosts on trust side to HTTPS to a outside domain, for example microsoft.com. Yes, I can do nslookup on Microsoft Corporation and get a range of IP, but the range could change in the future. Microsoft lookup points to akadns.net. Can a rule be created where the destination is not an IP or range of IP but a domain like microsoft.com? Thanks, |
Yes, there's a domain object and you don't want to use it. It will require a reverse DNS lookup on every IP address that gets compared to that rule. It will slow down your firewall tremendously.
Either create a group containing the IP addresses or use a real web filtering product like Surf Control or WebSense.