topic wildcard fqdn for destination in security policy, custom URL category in General Topics

wildcard fqdn for destination in security policy, custom URL category

Jedi_D — Tue, 22 May 2018 19:47:14 GMT

Hello folks,

I want to use a wildcard for a FQDN, e.g. *.paloaltonetworks.com

I want to use this as an object with a FQDN for the destination.

I read in the following article I need to create a custom URL category, and use that in the "service/URL category" as part of the security policy. I was hoping to use this as a destination IP address but it looks like you cant do that, as you need to specify the FQDN as a URL catergory. My question is, what do I use for the destination IP address in the securty policy??? I am guessing it would be any IP adresses, and the limiting factor will be the URL category.

https://live.paloaltonetworks.com/t5/Featured-Articles/DotW-FQDN-Policy/ta-p/65110

Any help appreciated.... we live in a complicated world!

thanks

Re: wildcard fqdn for destination in security policy, custom URL category

BPry — Tue, 22 May 2018 20:13:19 GMT

@Jedi_D,

You would either use the Destination address ANY, or you would utilize the wider IP Range/Cidr that you expect this service to be using. Sometimes you can setup the destination IP as a range, sometimes you'll only be able to use any. Depends on the service you actually wish to utilize.

Re: wildcard fqdn for destination in security policy, custom URL category

RobinClayton — Wed, 23 May 2018 07:59:39 GMT

I just use ANY as the FQDN lookup of the URL is the limiting factor.

If you wanted to prevent specific URLS on the domain then you would need a blocking blacklist rule with the specific URLS before the whitlisitng rule.

Rob

Re: wildcard fqdn for destination in security policy, custom URL category

Jedi_D — Wed, 23 May 2018 08:24:35 GMT

thank you people, I appreciate all the answers. But I can only accept one solution.... thank to you all.