A fully qualified domain name (FQDN) is the complete domain name for a specific host on the Internet. FQDNs are used in firewall rules to allow or reject traffic going to specific domains.

The FQDN attribute type is used in distributed firewall FQDN Filtering policy, see FQDN Filtering. NSX supports custom FQDNs that are defined by an administrator in addition to the pre-defined list of FQDNs.
Note: Custom FQDNs do not support custom top level domain names.
Custom FQDN supports the following:
  • Starting in 4.0.1, FQDN supports processing of DNS response record packets containing canonical names (CNAMEs).
  • Full FQDN names such as maps.google.com or myapp.corp.com
  • Partial REGEX with * at the beginning only such as *eng.northpole.com or *yahoo.com
  • FQDN name length up to 64 characters
  • FQDN names must end with the registered top level domain (TLD) such as .com, .org, or .net
When creating a custom FQDN, using a wildcard domain is best practice. For example, using *.example.com, would include sub domains such as americas.example.com and emea.example.com. Using example.com, would not include any sub domains.


  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select Inventory > Profiles.
  3. Select the Attribute Types tab, and FQDNs.
    A table of system-generated FQDNs appears.
  4. Select Actions > Add FQDN.
  5. Enter the domain name in form *[hostname].[domain]. For example, *abracadabra.com
    Do not include http:// or any other header.
  6. Click Save.
    The user-defined FQDN is shown in the table of available FQDNs, with User in the Created By column.
  7. (Optional) To display a subset of FQDNs, click Filter by Name, Path and more and select Created by or Domain.

What to do next

FQDNs can be used in context profiles for distributed firewall rules.