Many application servers use load-balanced DNS to return only a subset of
resolved IP addresses per query, which can cause security policy match failures
unless the firewall maintains an aggregate list of all valid IP addresses. Strata™
Cloud Manager now supports the
Load Balanced DNS setting for fully
qualified domain name (FQDN) address objects to ensure your Security policy rules
consistently match traffic for distributed cloud services and load-balanced
application environments.
When enabled, the network security platform maintains an aggregate list of
up to 100 resolved IP addresses per domain whose time-to-live (TTL) has not yet
expired. Rather than replacing the previous answer with each new one, this
maintenance ensures that every valid source and destination IP returned across
multiple DNS queries remains available for policy enforcement. The system uses a
retry interval that doubles whenever a refresh detects no change, allowing the IP
list to stay current without impacting management plane performance. As a result,
your security posture remains robust even for applications with highly dynamic or
distributed IP pools.
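The following is an added illustration of the behaviour described above, not Palo Alto Networks code and not how the firewall is implemented internally. It contrasts a resolver that keeps only the most recent DNS answer with one that keeps the union of all answers still inside their TTL (capped at 100, the figure the text gives), and models the doubling refresh interval. The DNS answers, timings, addresses and the base/ceiling values for the retry interval are all constructed assumptions.

```python
"""
Constructed model of "replacement" vs "aggregate" FQDN resolution for policy
matching.  Not vendor code; all addresses, TTLs and timings are made up.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

MAX_AGGREGATE = 100  # per-domain cap stated in the feature description


@dataclass
class DnsAnswer:
    ips: List[str]
    ttl: int  # seconds


class ReplacementResolver:
    """Keeps only the IPs from the most recent answer (the failure mode)."""

    def __init__(self) -> None:
        self.ips: Set[str] = set()

    def update(self, answer: DnsAnswer, now: int) -> None:
        self.ips = set(answer.ips)

    def matches(self, ip: str, now: int) -> bool:
        return ip in self.ips


class AggregateResolver:
    """Keeps every IP whose TTL has not expired, up to a fixed cap."""

    def __init__(self, cap: int = MAX_AGGREGATE) -> None:
        self.expiry: Dict[str, int] = {}  # ip -> absolute expiry time
        self.cap = cap

    def _expire(self, now: int) -> None:
        self.expiry = {ip: t for ip, t in self.expiry.items() if t > now}

    def update(self, answer: DnsAnswer, now: int) -> None:
        self._expire(now)
        for ip in answer.ips:
            # Known IPs get their TTL extended; new IPs are added only while
            # the list is below the cap.
            if ip in self.expiry or len(self.expiry) < self.cap:
                self.expiry[ip] = max(self.expiry.get(ip, 0), now + answer.ttl)

    def matches(self, ip: str, now: int) -> bool:
        self._expire(now)
        return ip in self.expiry

    def active(self, now: int) -> Set[str]:
        self._expire(now)
        return set(self.expiry)


def next_refresh_interval(previous: int, changed: bool,
                          base: int = 30, ceiling: int = 3600) -> int:
    """Doubling retry interval while answers are unchanged; reset on change.
    base/ceiling are assumed values, not documented product parameters."""
    if changed:
        return base
    return min(previous * 2, ceiling)


def run_scenario() -> dict:
    """Replay two load-balanced answers (constructed) and compare strategies."""
    ttl = 60
    # The pool has four addresses but each query returns only two of them.
    q1 = DnsAnswer(["198.51.100.1", "198.51.100.2"], ttl)
    q2 = DnsAnswer(["198.51.100.3", "198.51.100.4"], ttl)
    repl, aggr = ReplacementResolver(), AggregateResolver()
    for r in (repl, aggr):
        r.update(q1, now=0)
        r.update(q2, now=30)
    # At t=45 a session to the first answer's address arrives.  The
    # replacement resolver has already discarded it; the aggregate one has not.
    return {
        "replacement_match": repl.matches("198.51.100.1", 45),
        "aggregate_match": aggr.matches("198.51.100.1", 45),
        "aggregate_active_at_45": aggr.active(45),
        "aggregate_active_at_70": aggr.active(70),  # q1 expired at t=60
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
    i = 30
    for changed in (False, False, True):
        i = next_refresh_interval(i, changed)
        print("next refresh in", i, "s")
```

The `replacement_match` result is the policy miss the text warns about: a connection to an address that is still valid at the authoritative server fails to match because a later query returned a different subset. The `aggregate_active_at_70` result shows expired entries leaving the list on their own, so aggregation does not grow into a stale allow-list.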