Hello, I don't know whether what I'd like to achieve is possible with the MX...

Having read the FQDN support documentation here, I read under [consideration 1.] that "the communication between the client and DNS server cannot be intra-VLAN (this DNS traffic is not snooped)." If I have a sub-netted Windows domain client that is on a different VLAN than my DNS/DC server, then L3 FQDN support will not (and in my experience does not) function.

The client in this case is in a locked down subnet that has no Internet access - for security purposes. I'm allowed to whitelist specific URLs on this subnet, but as described above, the MX will not see the DNS requests, so that whitelisting using a L3 FQDN rule does not work.

(I have tried working around this by setting my client's DNS manually to use an external DNS rather than the DC, whilst setting a NRPT rule to direct internal DNS queries to the local server and providing a "lmhost" file to seed the IP address of the DC for finding the domain. This hasn't been successful - the machine will not find the domain controller and authenticate.)

Is there any way at all to get L3 FQDN rules to work when I need internal DNS and DC to function whilst the client and server are on separate VLANs?

Thank you for your time.

Shy