• Hostnames must be valid. Ensure that all hostnames point to a valid IP address by using the "ping" command.  For example, use "www.samsungknox.com", because it refers to a valid IP address. Don't use "https://www.samsungknox.com/en". 
  
• Websites usually need to access several different hostnames to load all of its contents. All of them must be included in a comprehensive firewall setting policy. 
• It's NOT recommended to use the corresponding IP addresses instead of hostnames as they can change over time. 
• Using corresponding IP addresses negatively impacts the user experience. Pages will take longer to load due to the various checks firewall will have to perform in real time.
  
  For example, if you want to block all websites except https://www.samsungknox.com/, you need to do the following:

1. Access https://www.samsungknox.com/ from a computer browser (e.g. Firefox).
2. Hit F12 key to toggle web developer tools  and then navigate to the Network tab.
3. See all requests being made from https://www.samsungknox.com/ website:
   
   
4. Based on the Domain list, create the corresponding Firewall Settings on IAM & EMM console:
   
   

NOTE — Although hostnames above refer to elements of the same page, each of these hostnames must be individually whitelisted.

Although they are part of the same domain, they are different hosts, i.e. they point to different IP addresses. Each of these hosts must be individually whitelisted. 

Knox 2.7 or above
Use the solution above or use new domain-based firewall rules. These rules only require you to whitelist the top-level domain.