I tested this feature with the following firewall config:
set firewall group domain-group DG_TEST address 'nu.nl' set firewall group domain-group DG_TEST address 'www.nu.nl' set firewall interface eth1 out name 'ETH1_OUT' set firewall name ETH1_OUT default-action 'accept' set firewall name ETH1_OUT rule 10 action 'drop' set firewall name ETH1_OUT rule 10 destination group domain-group 'DG_TEST'