It would be very helpful to be able to use whole Domains / TLDs (Wildcards).
A specific use-case would be, to block the new .ZIP- and .MOV-Domains for example.

For example:

set firewall name LAN-WAN rule 10 destination fqdn '*.zip'
set firewall name LAN-WAN rule 10 action drop

Example in groups:

set firewall group domain-group Malicious-Domains address '*.zip'