Im using minemeld to get the dynamic address (URLs, IPs) from office 365.
If there are IP addresses, this works without problems via the EDL. In this case the EDL replace the source object.
What about addresses that have a wildcard in the URL? These EDLs cannot be selected from the source object and must be saved using the URL pattern filter. In order to allow an access from the Internet from any "*.mircosoft.com" or just "microsoft.com" do I have to set the source ip-address to "Any" and set all categories except the EDL to block?
How do you allow access from the Internet via URLs?
So yes, you should have two policies. One for destination IP's and one for URL filtering. The firewall reads policies top to bottom and left to right. Meaning everything in the policy has to match before the firewall will use that policy.
i.e. if you have a policy that has a destination ip of 22.214.171.124 and a url filter to only allow google.com, the firewall will not use it since not all values are matched in the policy.
Hope that helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!