https://live.paloaltonetworks.com/t5/general-topics/help-whitelisting-a-url-that-routes-through-cloudfront/m-p/584371#M116730 <P data-unlink="true">Hi all, I am having trouble whitelisting a site and wanted to see what I can do about it.&nbsp; The website I am whitelisting is&nbsp;https://www.pahealthwellness.com/login.html.&nbsp; When you make some selections on the page, it redirects to&nbsp;https://sso.entrykeyid.com&nbsp;.&nbsp;I have a rule set to allow both those URL's with wildcards, but the bigger problem is that the traffic is hitting cloudfront and getting blocked based on that.&nbsp; I dont want to whitelist all of cloudfront, but I cant figure out a way around this.&nbsp; I can give more detail if needed, I just want to see if I am missing something basic here.</P> Fri, 19 Apr 2024 20:23:35 GMT BenOesterling 2024-04-19T20:23:35Z https://live.paloaltonetworks.com/t5/general-topics/help-whitelisting-a-url-that-routes-through-cloudfront/m-p/584371#M116730 <P data-unlink="true">Hi all, I am having trouble whitelisting a site and wanted to see what I can do about it.&nbsp; The website I am whitelisting is&nbsp;https://www.pahealthwellness.com/login.html.&nbsp; When you make some selections on the page, it redirects to&nbsp;https://sso.entrykeyid.com&nbsp;.&nbsp;I have a rule set to allow both those URL's with wildcards, but the bigger problem is that the traffic is hitting cloudfront and getting blocked based on that.&nbsp; I dont want to whitelist all of cloudfront, but I cant figure out a way around this.&nbsp; I can give more detail if needed, I just want to see if I am missing something basic here.</P> Fri, 19 Apr 2024 20:23:35 GMT https://live.paloaltonetworks.com/t5/general-topics/help-whitelisting-a-url-that-routes-through-cloudfront/m-p/584371#M116730 BenOesterling 2024-04-19T20:23:35Z https://live.paloaltonetworks.com/t5/general-topics/help-whitelisting-a-url-that-routes-through-cloudfront/m-p/593533#M118132 <P>I have a similar problem and I can't even get things to work after whitelisting *.cloudfront.net.&nbsp; It's as if the laptop's DNS is resolving to an IP address different than the Palo Alto.&nbsp; I have the Minimum FQDN refresh time set to zero in Device &gt; Setup &gt; Services but it still won't match the policy.</P> Tue, 30 Jul 2024 16:37:15 GMT https://live.paloaltonetworks.com/t5/general-topics/help-whitelisting-a-url-that-routes-through-cloudfront/m-p/593533#M118132 EricHaug 2024-07-30T16:37:15Z https://live.paloaltonetworks.com/t5/general-topics/help-whitelisting-a-url-that-routes-through-cloudfront/m-p/593569#M118135 <P>It sounds (and after a quick check of pahealthwellness.com confirmed) that website is using fast-flux DNS. The DNS resolution is constantly changing over a range of IPs, so the firewall and client DNS responses will diverge, and hence the firewall doesn't know the IP the client browser is currently connecting to is actually the same as the FQDN in the firewall. There are really only 2 options if you want to whitelist this server and block other traffic. See my previous thread here:</P> <P><A href="https://live.paloaltonetworks.com/t5/panorama-discussions/frequently-changing-ip-for-a-fqdn/td-p/547597" target="_blank" rel="noopener">https://live.paloaltonetworks.com/t5/panorama-discussions/frequently-changing-ip-for-a-fqdn/td-p/547597</A></P> <P>&nbsp;</P> <P><A href="https://www.paloaltonetworks.com/cyberpedia/what-is-a-fast-flux-network" target="_blank" rel="noopener">https://www.paloaltonetworks.com/cyberpedia/what-is-a-fast-flux-network</A></P> <P>&nbsp;</P> <P>Note: The PA minimum FQDN refresh time will never drop below 30sec (regardless of the config setting) as that is hardcoded to prevent the firewall from thrashing on invalid/extremely short TTL FQDNs.</P> Tue, 30 Jul 2024 21:10:07 GMT https://live.paloaltonetworks.com/t5/general-topics/help-whitelisting-a-url-that-routes-through-cloudfront/m-p/593569#M118135 Adrian_Jensen 2024-07-30T21:10:07Z