I'm using minemeld to pull the O365 urls into my PAN. I get a list that has entries like
I need to import those entries and rewrite them so they look like
Any pointers would be appreciated.
Solved! Go to Solution.
are you adding ?v=panosurl at the end of your feed URL?
The link in the EDL config should have the form:
We use an External Dynamic List from minemeld to ingest Office 365 URLs and IPs into PAN. Microsoft presents the urls as *.skype.com. If I go to www.skype.com, I get access. If I go to skype.com, I am blocked. I understand the “*” is a token and PAN expects to find something there, such as “www”, not for to be empty or null. This is a problem. I’m not sure how to manage this other than parse the list again for every *.domain.com entry create a domain.com entry.
what version of PAN-OS are you running on? I think the matching behavior was changed to let *.skype.com match also skype.com at some point.
I've confirmed this is the behavior on v8.1.5 as well, a specific entry for the root domain is required as a wildcare does not function.
@lmori what would be the best way to file this?
@eyunghans thanks for testing this. I am working on it. The plan is to enhance panosurl modifier to translate *.domain.com into domain.com and *.domain.com in the generated feed.
Just merged the PR to the develop branch on github:
This will be in the next release. You can test it now if you use the Ansible playbook.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!