< Home

Overview of Domain Groups

This section describes the basic concept and application scenarios of domain groups.

A domain group is a collection of domain names. It can be referenced by multiple types of policies, including security policies, authentication policies, traffic policies, NAT policy, proxy policy, audit policies, and policy-based routing. Figure 1 shows the mechanism of domain groups.

Figure 1 Domain group mechanism

For example, the FW has domain group domain_group, and the domain group has member example.com. A traffic policy is configured, and the traffic policy uses domain group domain_group in the destination address as the matching condition.

  1. The client accesses domain name example.com and initiates a DNS request.
  2. The FW resolves the reply packet from the DNS server. Because domain name example.com matches the configured domain group, the FW records the mapping between the domain name and the IP address.
  3. The client then uses the returned IP address for data access. Based on the mapping between the domain name and the IP address, the access matches the policy. Then the FW implements the action defined in the policy.
Parent Topic: Domain Group
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >