Forum Discussion

PrakashRIndia
1 hour ago

Container-based FQDN addition: anomalous behaviour

Dear All,

I get malicious domains and IPs to block from my regulator. Instead of manually adding IPs and domains, I created a Container and then synced it with a raw GitHub file for both IPs and FQDNs. The FQDNs and IPs are syncing correctly in CMA.

To test, I added "linkedin.com" to the malicious domains in the container and created an Internet Firewall rule to block this container. When I browse "linkedin.com", I get the block page, but as soon as I type "www.linkedin.com", it opens and is not blocked. Since the only option is to add either an IP or an FQDN to a Cato Container, due to this limitation my purpose is not solved.

Ideally it should block all subdomains as well, but it only blocks if the exact FQDN is browsed. So with this, malicious attacker URLs will not be blocked. Cato should provide an option to add a "Domain" as well, along with IP and FQDN, as this does not solve the problem of blocking malicious domains based on the threat feeds received from the regulator.

Cato Product should look into this.
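The gap described above, as an added Python example (not Cato's code nor the poster's): it parses a constructed IP/FQDN feed of the kind synced into the container, contrasts exact-FQDN matching with domain matching that also covers subdomains, and reports which test hostnames an FQDN-only list would let through. The feed contents and hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample of a regulator-style feed: one indicator per line,
# IPs and FQDNs mixed, as the post describes syncing into the container.
SAMPLE_FEED = """
# constructed test feed
linkedin.com
203.0.113.10
evil.example
"""


def parse_feed(text):
    """Split a raw feed into (ips, domains); IPs are validated, domains lowercased."""
    ips, domains = set(), set()
    for line in text.splitlines():
        entry = line.strip().lower().rstrip(".")
        if not entry or entry.startswith("#"):
            continue
        try:
            ips.add(str(ipaddress.ip_address(entry)))
        except ValueError:
            domains.add(entry)
    return ips, domains


def fqdn_match(host, domains):
    """Exact-FQDN matching: the behaviour the post observed in the container."""
    return host.lower().rstrip(".") in domains


def domain_match(host, domains):
    """Domain matching: the host itself or any subdomain of a listed entry.
    The leading-dot check stops 'notlinkedin.com' from matching 'linkedin.com'."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in domains)


def coverage_gap(hosts, domains):
    """Hosts a domain-level block would catch but an exact-FQDN list misses."""
    return sorted(h for h in hosts
                  if domain_match(h, domains) and not fqdn_match(h, domains))


if __name__ == "__main__":
    _, feed_domains = parse_feed(SAMPLE_FEED)
    tests = ["linkedin.com", "www.linkedin.com", "notlinkedin.com", "cdn.evil.example"]
    for host in tests:
        print(f"{host:20} fqdn={fqdn_match(host, feed_domains)!s:5} domain={domain_match(host, feed_domains)}")
    print("missed by FQDN-only container:", coverage_gap(tests, feed_domains))
```

Running the same check against your real feed before relying on it shows, per hostname, exactly which subdomains an FQDN-only container will not catch.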
