articles/firewall/fqdn-filtering-network-rules.md (5 additions & 6 deletions)
@@ -1,19 +1,18 @@
1
1
---
2
2
title: Azure Firewall FQDN filtering in network rules
3
-
description: How to use Azure Firewall FQDN filtering in network rules
4
-
services: firewall
3
+
description: Learn how to use FQDN filtering in Azure Firewall network rules to control outbound traffic by domain name for TCP/UDP protocols including NTP, SSH, and RDP.
5
4
author: duongau
5
+
ms.author: duau
6
6
ms.service: azure-firewall
7
7
ms.topic: concept-article
8
-
ms.date: 03/17/2025
9
-
ms.author: duau
8
+
ms.date: 03/28/2026
10
9
ms.custom: engagement-fy23
11
10
# Customer intent: "As a network administrator, I want to implement FQDN filtering in Azure Firewall network rules, so that I can control outbound traffic based on domain names and ensure security for various protocols without using wildcards."
12
11
---
13
12
14
13
# Use FQDN filtering in network rules
15
14
16
-
A fully qualified domain name (FQDN) represents the complete domain name of a host or one or more IP addresses. In Azure Firewall and Firewall policy, you can use FQDNs in network rules based on DNS resolution. This feature allows you to filter outbound traffic using any TCP/UDP protocol, including NTP, SSH, and RDP. To use FQDNs in your network rules, you must enable DNS Proxy. For more information, see [Azure Firewall DNS settings](dns-settings.md).
15
+
A fully qualified domain name (FQDN) represents the complete domain name of a host or one or more IP addresses. In Azure Firewall and Firewall policy, you can use FQDNs in network rules based on DNS resolution. This feature allows you to filter outbound traffic by using any TCP or UDP protocol, including NTP, SSH, and RDP. To use FQDNs in your network rules, you must enable DNS Proxy. For more information, see [Azure Firewall DNS settings](dns-settings.md).
17
16
18
17
> [!NOTE]
19
18
> FQDN filtering in network rules doesn't support wildcards by design.
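Review bot: The new `description:` value says the feature controls outbound traffic "by domain name", while the body paragraph in this same hunk says network rules use FQDNs "based on DNS resolution" and require DNS Proxy. Consider aligning the description with the body, for example "Learn how to use FQDN filtering in Azure Firewall network rules to control outbound TCP/UDP traffic based on DNS resolution", so the metadata does not suggest name-level matching. The hunk also drops `services: firewall` and moves `ms.author` above `ms.service`; worth confirming both are intended and not a side effect of the description edit.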
@@ -26,7 +25,7 @@ When a new DNS resolution occurs, new IP addresses are added to the firewall rul
26
25
27
26
### Differences between application rules and network rules
28
27
29
-
- FQDN filtering in application rules for HTTP/S and MSSQL relies on an application-level transparent proxy and the SNI header. This allows it to differentiate between two FQDNs that resolve to the same IP address. This capability isn't available with FQDN filtering in network rules.
28
+
- FQDN filtering in application rules for HTTP/S and MSSQL relies on an application-level transparent proxy and the SNI header. This reliance allows it to differentiate between two FQDNs that resolve to the same IP address. This capability isn't available with FQDN filtering in network rules.
30
29
31
30
Always use application rules when possible:
32
31
- For HTTP/S or MSSQL protocols, use application rules for FQDN filtering.
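Review bot: In the rewritten bullet, "This reliance allows it to differentiate" still leaves "it" without a clear antecedent (the filtering, the proxy, or the SNI header). Suggest naming the subject, for example "This reliance allows application rules to differentiate between two FQDNs that resolve to the same IP address." The closing sentence, "This capability isn't available with FQDN filtering in network rules", could also state the consequence for readers: going by the hunk context line about IP addresses being added to the firewall rules on DNS resolution, a network rule cannot tell apart two names that share an address.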