https://live.paloaltonetworks.com/t5/general-topics/fqdn-based-pbf/m-p/278769#M75675 <P>Hello,</P><P>&nbsp;</P><P>Thank you for your reply.</P><P>The customer currently has two internet links, one is for G Suite and the other is for the rest. And a proxy server sits on the latter link. So their&nbsp;PAC file has statement kind of like "direct connect for G Suite URLs and via proxy for the rest".</P><P>&nbsp;</P><P>What I want the customer do is to ditch the proxy server for maximum budget allocation to us.</P><P>To accomplish this, two internet links are connected to our NGFW and select link based on destination URL which is eventually IP address.</P><P>&nbsp;</P><P>We only can use FQDN object for that purpose but FQDN object doesn't support wildcard FQDN as well as FQDN includes an arbitrary number.</P><P>This is why I'm looking for a way to accomplish this.</P><P>&nbsp;</P><P>Thanks,</P><P>Takahiro</P> Wed, 24 Jul 2019 20:08:57 GMT tmyzw 2019-07-24T20:08:57Z https://live.paloaltonetworks.com/t5/general-topics/fqdn-based-pbf/m-p/277969#M75534 <P>Hello,</P><P>&nbsp;</P><P>I have a customer who wants to replace proxy servers to NGFW.</P><P>The proxy server is used for website filtering as well as URL based routing especially for G Suite.</P><P>&nbsp;</P><P>Unfortunately, PBF policy rule doesn't have URL as match criteria and only FQDN object can be used for that purpose.</P><P>But google publishes some wildcard or single digit number URLs as URL list used by G Suite(and Goodle Drive).</P><P>&nbsp;</P><P>ex.</P><P>*.drive.google.com</P><P>*.clients[N].google.com</P><P>&nbsp;</P><P>What I want to do is to accomplish URL based (or similar) PBF without proxy server including above URLs.</P><P>&nbsp;</P><P><A href="https://support.google.com/a/answer/2589954" target="_blank">https://support.google.com/a/answer/2589954</A></P><P>&nbsp;</P><P>Thanks,</P><P>Takahiro</P><P>&nbsp;</P> Mon, 22 Jul 2019 04:59:28 GMT https://live.paloaltonetworks.com/t5/general-topics/fqdn-based-pbf/m-p/277969#M75534 tmyzw 2019-07-22T04:59:28Z https://live.paloaltonetworks.com/t5/general-topics/fqdn-based-pbf/m-p/278381#M75598 A firewall is not a proxy server, so functionality is different. What is the use case for only a handful of URLs to be rerouted? there could be a different solution by applying firewall logic to a network issue (rather than proxy logic) PBF is tcp/udp oriented routing feature, so it functions best at layer3 and below. Tue, 23 Jul 2019 13:53:39 GMT https://live.paloaltonetworks.com/t5/general-topics/fqdn-based-pbf/m-p/278381#M75598 reaper 2019-07-23T13:53:39Z https://live.paloaltonetworks.com/t5/general-topics/fqdn-based-pbf/m-p/278769#M75675 <P>Hello,</P><P>&nbsp;</P><P>Thank you for your reply.</P><P>The customer currently has two internet links, one is for G Suite and the other is for the rest. And a proxy server sits on the latter link. So their&nbsp;PAC file has statement kind of like "direct connect for G Suite URLs and via proxy for the rest".</P><P>&nbsp;</P><P>What I want the customer do is to ditch the proxy server for maximum budget allocation to us.</P><P>To accomplish this, two internet links are connected to our NGFW and select link based on destination URL which is eventually IP address.</P><P>&nbsp;</P><P>We only can use FQDN object for that purpose but FQDN object doesn't support wildcard FQDN as well as FQDN includes an arbitrary number.</P><P>This is why I'm looking for a way to accomplish this.</P><P>&nbsp;</P><P>Thanks,</P><P>Takahiro</P> Wed, 24 Jul 2019 20:08:57 GMT https://live.paloaltonetworks.com/t5/general-topics/fqdn-based-pbf/m-p/278769#M75675 tmyzw 2019-07-24T20:08:57Z