Would the client be able to resolve the FQDN with your current ruleset? Also, please be aware that rules are worked down from top to bottom, meaning that DNS should be on top of your rule, I would think.
Thanks for your response, dyilmaz.
We do have a rule for DNS above the rule I am testing:
- Allow outgoing traffic
- Remote service: dns (53)
Incidentally we also have a rule (which I temporarily disabled during testing) which allowed all traffic, in and out, to any remote address - and this allowed access to any website. As soon as I disabled this, leaving my specific mcafee.com rule in place - I was unable to connect to any website, including McAfee's.
Host IPS was not designed as a Web URL filtering product. Some comments:
1. HIPS Firewall Domain rules allow/block DNS lookups only. It does not allow outbound traffic for the domain that is looked up (See #2).
2. You still need to create firewall rules to allow outbound traffic (e.g., to browse to the Internet you need to create firewall rules that allow outbound TCP port 80 traffic).
3. FQDN firewall rules are to specific hostnames.domainnames. You cannot use wildcards. You would need to create FQDN rules for every specific Internet hostname that the user needs to communicate with (e.g., www.mcafee.com, images.mcafee.com, community.mcafee.com, etc.).
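As an added illustration (not from the thread and not McAfee's code), here is a small Python model of first-match rule evaluation that keeps domain rules (DNS lookups of one exact FQDN) separate from traffic rules (protocol/port), to show why the ruleset above resolves www.mcafee.com but cannot connect to it until a TCP/80 rule exists. The rule names, the default-block behaviour and the three-step browse() are constructed assumptions, not Host IPS internals.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                   # "allow" or "block"
    kind: str                     # "traffic" (proto/port) or "domain" (DNS lookup of an exact FQDN)
    proto: Optional[str] = None   # "udp"/"tcp"; None matches any protocol
    port: Optional[int] = None    # remote port; None matches any port
    fqdn: Optional[str] = None    # exact hostname for domain rules; no wildcards

def first_match(rules, kind, proto=None, port=None, fqdn=None, default="block"):
    """Walk the ruleset top to bottom; the first rule of the right kind that matches wins."""
    for r in rules:
        if r.kind != kind:
            continue
        if kind == "traffic" and r.proto in (None, proto) and r.port in (None, port):
            return r.action, r.name
        if kind == "domain" and r.fqdn == fqdn:      # exact match only, so "*.mcafee.com" never matches
            return r.action, r.name
    return default, "implicit-default"              # assumption: anything unmatched is blocked

def browse(rules, host):
    """What a browser needs: a DNS packet out, the name allowed, then its own TCP/80 connection."""
    if first_match(rules, "traffic", proto="udp", port=53)[0] != "allow":
        return "dns-blocked"        # the resolver's UDP/53 packet never left the host
    if first_match(rules, "domain", fqdn=host)[0] != "allow":
        return "lookup-blocked"     # no domain rule for this exact hostname (point 3 above)
    if first_match(rules, "traffic", proto="tcp", port=80)[0] != "allow":
        return "web-blocked"        # the domain rule covered the lookup only (points 1 and 2 above)
    return "connected"

# Constructed ruleset resembling the one in the thread, with the allow-all rule disabled.
POSTER_RULES = [
    Rule("allow-dns-out", "allow", "traffic", proto="udp", port=53),
    Rule("allow-www-mcafee-lookup", "allow", "domain", fqdn="www.mcafee.com"),
]
# Same ruleset plus the outbound TCP/80 rule that comment 2 says is still needed.
FIXED_RULES = POSTER_RULES + [Rule("allow-http-out", "allow", "traffic", proto="tcp", port=80)]

if __name__ == "__main__":
    print(browse(POSTER_RULES, "www.mcafee.com"))     # web-blocked
    print(browse(FIXED_RULES, "www.mcafee.com"))      # connected
    print(browse(FIXED_RULES, "images.mcafee.com"))   # lookup-blocked
```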