It would be very helpful to be able to use whole Domains / TLDs (Wildcards).
A specific use-case would be, to block the new .ZIP- and .MOV-Domains for example.
For example:
set firewall name LAN-WAN rule 10 destination fqdn '*.zip'
set firewall name LAN-WAN rule 10 action drop
Example in groups:
set firewall group domain-group Malicious-Domains address '*.zip'