Access-list FTP - use FQDN instead of IP address

Status
Not open for further replies.

Antelope

MIS
Aug 6, 2003
US
I want to allow FTP access to ftp.symantec.com so my anti-virus server can pull the updates, but ftp.symantec.com has many records in DNS. When I try this:

access-list outbound permit tcp host server host ftp.symantec.com eq 21

It says IP address not found (assume it looks in name list)


What am I missing?
 
name 216.200.68.153 ftp.symantec.com.

Or, you could just use the IP address in the rule. ftp.symantec.com only resolves to one IP address.

ftp.symantec.com. 30 IN CNAME ftp.symantec.speedera.net.
ftp.symantec.speedera.net. 30 IN A 216.200.68.153

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Do an nslookup a couple times and you will get a bunch of different answers.
 
Ah yes, the CNAME resolves to a few IP addresses. Well then, put a rule in for each one or create a network object group.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
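
Added example, not part of the thread: a Python helper that turns the set of addresses returned for the FTP name into the network object group suggested above, plus a check for when that group no longer matches DNS. The group name `SYMANTEC_FTP` is hypothetical, the 192.0.2.x addresses are constructed, and it assumes a PIX release that supports `object-group`.

```python
import ipaddress
import socket

# 216.200.68.153 is the address quoted in the thread; the 192.0.2.x entries
# are constructed stand-ins for the other answers nslookup returns.
SAMPLE_ANSWERS = ["216.200.68.153", "192.0.2.10", "192.0.2.11", "216.200.68.153"]


def resolve_a_records(fqdn, rounds=5):
    """Query the name several times and return every IPv4 address seen."""
    seen = set()
    for _ in range(rounds):
        for info in socket.getaddrinfo(fqdn, 21, socket.AF_INET, socket.SOCK_STREAM):
            seen.add(info[4][0])
    return seen


def build_pix_rules(addresses, group="SYMANTEC_FTP", acl="outbound", source="server", port=21):
    """Return PIX lines: one object-group plus a single ACL entry that uses it."""
    # IPv4Address raises ValueError on anything that is not a dotted quad,
    # so a hostname or garbage answer never reaches the firewall config.
    hosts = sorted({ipaddress.IPv4Address(a.strip()) for a in addresses})
    if not hosts:
        raise ValueError("no addresses to permit")
    lines = [f"object-group network {group}"]
    lines += [f"  network-object host {h}" for h in hosts]
    lines.append(f"access-list {acl} permit tcp host {source} object-group {group} eq {port}")
    return lines


def drift(configured, current):
    """Compare the addresses in the group with a fresh lookup."""
    configured, current = set(configured), set(current)
    return {"add": sorted(current - configured),     # updates would be blocked
            "remove": sorted(configured - current)}  # permits left open for nothing


if __name__ == "__main__":
    print("\n".join(build_pix_rules(SAMPLE_ANSWERS)))
    print(drift({"216.200.68.153", "192.0.2.10"}, set(SAMPLE_ANSWERS)))
```

The A record in the lookup output above carries a 30-second TTL, so feed `resolve_a_records("ftp.symantec.com")` into `drift` on a schedule rather than treating the group as fixed.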
 