https://live.paloaltonetworks.com/t5/general-topics/security-policy-with-urls/m-p/33778#M24786 <HTML><HEAD></HEAD><BODY><P>Thanks, creating the address object worked.</P></BODY></HTML> Tue, 26 Jun 2012 21:02:28 GMT dstewart65 2012-06-26T21:02:28Z https://live.paloaltonetworks.com/t5/general-topics/security-policy-with-urls/m-p/33775#M24783 <HTML><HEAD></HEAD><BODY><P>Is it possible to create a Security Policy with the Destination address as a URL? I would prefer to use the URL to avoid using the IP in case the destination service changes it.</P><P></P><P>Thanks,</P><P>Dennis</P></BODY></HTML> Tue, 26 Jun 2012 20:26:43 GMT https://live.paloaltonetworks.com/t5/general-topics/security-policy-with-urls/m-p/33775#M24783 dstewart65 2012-06-26T20:26:43Z https://live.paloaltonetworks.com/t5/general-topics/security-policy-with-urls/m-p/33776#M24784 <HTML><HEAD></HEAD><BODY><P>Yes, create an address object, use the FQDN from the drop down, and enter your URL. </P><P></P><P>I believe the refresh job runs every 30 minutes to convert that URL to an IP address.</P></BODY></HTML> Tue, 26 Jun 2012 20:31:37 GMT https://live.paloaltonetworks.com/t5/general-topics/security-policy-with-urls/m-p/33776#M24784 mharding 2012-06-26T20:31:37Z https://live.paloaltonetworks.com/t5/general-topics/security-policy-with-urls/m-p/33777#M24785 <HTML><HEAD></HEAD><BODY><P>In that case dont forget to add a url-filter aswell for the same FQDN (specially if this is http traffic).</P><P></P><P>The bad part (security wise) of using FQDN as dstip is that you will rely on what answer the external (compared to the PA itself) dns will bring you.</P></BODY></HTML> Tue, 26 Jun 2012 20:48:29 GMT https://live.paloaltonetworks.com/t5/general-topics/security-policy-with-urls/m-p/33777#M24785 mikand 2012-06-26T20:48:29Z https://live.paloaltonetworks.com/t5/general-topics/security-policy-with-urls/m-p/33778#M24786 <HTML><HEAD></HEAD><BODY><P>Thanks, creating the address object worked.</P></BODY></HTML> Tue, 26 Jun 2012 21:02:28 GMT https://live.paloaltonetworks.com/t5/general-topics/security-policy-with-urls/m-p/33778#M24786 dstewart65 2012-06-26T21:02:28Z https://live.paloaltonetworks.com/t5/general-topics/security-policy-with-urls/m-p/33779#M24787 <HTML><HEAD></HEAD><BODY><P>This is not http traffic, it's secure FTP (as best it can be) on uncommon ports. I will keep the url-filtering underadvisement.</P><P>Thanks.</P><P><BR /> </P></BODY></HTML> Tue, 26 Jun 2012 21:03:57 GMT https://live.paloaltonetworks.com/t5/general-topics/security-policy-with-urls/m-p/33779#M24787 dstewart65 2012-06-26T21:03:57Z