Reply
Highlighted
L2 Linker
Posts: 12
Registered: ‎07-05-2018
Accepted Solution

O365 URL rewrite

I'm using minemeld to pull the O365 urls into my PAN. I get a list that has entries like
*.domain.com
sub.domain1.com

 

I need to import those entries and rewrite them so they look like
*.domain.com/
domain.com/
*.sub.domain1.com/
sub.domain1.com/

 

Any pointers would be appreciated.

L7 Applicator
Posts: 1,028
Registered: ‎03-03-2011

Re: O365 URL rewrite

Hi @ckemp,

could you tell us more about this rewrite? Why is that needed?

L2 Linker
Posts: 12
Registered: ‎07-05-2018

Re: O365 URL rewrite

We use an External Dynamic List from minemeld to ingest Office 365 URLs and IPs into PAN. Microsoft presents the urls as *.skype.com. If I go to www.skype.com, I get access. If I go to skype.com, I am blocked. I understand the “*” is a token and PAN expects to find something there, such as “www”, not for to be empty or null. This is a problem. I’m not sure how to manage this other than parse the list again for every *.domain.com entry create a domain.com entry.

L7 Applicator
Posts: 1,028
Registered: ‎03-03-2011

Re: O365 URL rewrite

Hi @ckemp,

what version of PAN-OS are you running on? I think the matching behavior was changed to let *.skype.com match also skype.com at some point. 

 

Thanks,

luigi

L2 Linker
Posts: 12
Registered: ‎07-05-2018

Re: O365 URL rewrite

I’m running 8.1.4.
L1 Bithead
Posts: 13
Registered: ‎06-16-2014

Re: O365 URL rewrite

I've confirmed this is the behavior on v8.1.5 as well, a specific entry for the root domain is required as a wildcare does not function.

 

@lmori what would be the best way to file this?

 

L7 Applicator
Posts: 1,028
Registered: ‎03-03-2011

Re: O365 URL rewrite

@eyunghans thanks for testing this. I am working on it. The plan is to enhance panosurl modifier to translate *.domain.com into domain.com and *.domain.com in the generated feed.

L2 Linker
Posts: 12
Registered: ‎07-05-2018

Re: O365 URL rewrite

Any ETA on when this would be available? 

L7 Applicator
Posts: 1,028
Registered: ‎03-03-2011

Re: O365 URL rewrite

Just merged the PR to the develop branch on github:

https://github.com/PaloAltoNetworks/minemeld-core/pull/307

 

This will be in the next release. You can test it now if you use the Ansible playbook.

L2 Linker
Posts: 12
Registered: ‎07-05-2018

Re: O365 URL rewrite

We do not use Ansible playbook. Do you know when the next release will be available?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!