Overview
You created an FQDN (Fully Qualified Domain Name) network object to block access to a URL, but you are still able to access the URL. The optimizer is on and the policies are set to the correct URL, as in the screenshots below.
Solution
- Follow this article to create FQDN based network objects
- After creating the FQDN object, check whether it has an IP/subnet. If there is no IP address, using the object in a policy will not work as expected. If there are no subnets, this means the DNS you set failed to resolve it, or there might have been a temporary issue resolving the URL.
- Check if the network object has an IP address and DNS now. Use the following commands to check if the configuration is correct:
    network-object <test_object> fqdn <URL>
    show network-object <test_object>
- Resolve DNS problems with your Network team if the FQDN URL still fails to resolve.
Testing
Check that the FQDN network object successfully blocks the configured URL