06-23-2020 01:33 AM
Already the specified Malicious URL getting a block from URL Filtering and detected in Threat Prevention with action.
it’s a dynamic FQDN/IP that has to block from the security rule base too, but the does not want to add each IP to block as he received every time.
looking for a solution where the dynamic IP can be blocked from the firewall itself so that adding the dynamic IPs or FQDN can be avoided.
apart from EDL there any other option to block the dynamic IP and URL can be block.
As the URL receives example.. www.abc.com / www.abc.2.com / www.2.abc.com / www.jhs.abc.com / www.mem1.abc.com with
dynamic IPs, only common is abc.com rest of are keep on change.
06-23-2020 09:46 PM
Depending on what the domain is, a custom vulnerability signature could work.
06-24-2020 12:55 AM
Thanks for the update.
It's a public domain website. and already firewall see has a vulnerability for this site.
06-24-2020 01:47 PM
Hello,
If the URL filter is flagging it and blocking it, why would you want to block the IP as well? Most sites are hosted by a provider and can we attached to many different sites. Just follow the best practice for URL filtering and DNS sinkhole and let the firewall send telemetry back to PAN so they can update their data bases.
Hope that makes sense.
06-25-2020 04:55 AM
DNS Security feature can detect similar domain
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
