FQDN based PBF

L2 Linker


Hello,

 

I have a customer who wants to replace proxy servers with an NGFW.

The proxy server is used for website filtering as well as URL-based routing, especially for G Suite.

Unfortunately, a PBF policy rule doesn't have URL as a match criterion, and only an FQDN object can be used for that purpose.

But Google publishes some wildcard or single-digit-number URLs in the URL list used by G Suite (and Google Drive).

 

ex.

*.drive.google.com

*.clients[N].google.com

 

What I want to do is accomplish URL-based (or similar) PBF without a proxy server, including the above URLs.

 

https://support.google.com/a/answer/2589954

 

Thanks,

Takahiro

 

L7 Applicator

A firewall is not a proxy server, so functionality is different. What is the use case for only a handful of URLs to be rerouted? There could be a different solution by applying firewall logic to a network issue (rather than proxy logic). PBF is a TCP/UDP-oriented routing feature, so it functions best at layer 3 and below.
Tom Piens - PANgurus.com
New to PAN-OS or getting ready to take the PCNSE? check out amazon.com/dp/1789956374
L2 Linker

Hello,

 

Thank you for your reply.

The customer currently has two internet links, one is for G Suite and the other is for the rest. And a proxy server sits on the latter link. So their PAC file has a statement kind of like "direct connect for G Suite URLs and via proxy for the rest".

What I want the customer to do is ditch the proxy server for maximum budget allocation to us.

To accomplish this, the two internet links are connected to our NGFW, which selects the link based on the destination URL, which is eventually an IP address.

We can only use an FQDN object for that purpose, but an FQDN object doesn't support a wildcard FQDN or an FQDN that includes an arbitrary number.

This is why I'm looking for a way to accomplish this.

 

Thanks,

Takahiro
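
The PAC decision described in the post above ("direct connect for G Suite URLs and via proxy for the rest"), written out as an added example that is not part of the original thread or the customer's actual PAC file. The proxy address and sample hostnames are constructed, `[N]` is read as a single digit as the first post words it, and the matcher is plain JavaScript rather than the browser's PAC helper functions so that it runs stand-alone.

```javascript
// Added example, not from the thread: the split-routing decision a PAC file
// makes for the two patterns quoted in the first post.

// Constructed placeholder; the thread does not give the proxy's address.
const PROXY = "PROXY proxy.example.internal:8080";

// Patterns as quoted in the thread. "[N]" is read as one digit (assumption
// taken from the post's "single digit number" wording).
const DIRECT_PATTERNS = ["*.drive.google.com", "*.clients[N].google.com"];

// Compile a pattern to an anchored regex: "*" is one or more DNS labels,
// "[N]" is a single digit, everything else is matched literally.
function patternToRegex(pattern) {
  const body = pattern
    .split(/(\*|\[N\])/)
    .map((part) => {
      if (part === "*") return "(?:[a-z0-9-]+\\.)*[a-z0-9-]+";
      if (part === "[N]") return "[0-9]";
      return part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    })
    .join("");
  return new RegExp("^" + body + "$");
}

const DIRECT_REGEXES = DIRECT_PATTERNS.map(patternToRegex);

// Same signature as a PAC entry point. The host is normalised before matching
// so letter case and a trailing root dot cannot change the routing decision.
function FindProxyForURL(url, host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return DIRECT_REGEXES.some((re) => re.test(h)) ? "DIRECT" : PROXY;
}

// Constructed hostnames: the last two only resemble the G Suite patterns and
// must stay on the proxied (filtered) path.
const SAMPLE_HOSTS = [
  "docs.drive.google.com",
  "a.clients6.google.com",
  "www.example.com",
  "notdrive.google.com",
  "x.drive.google.com.example.net",
];
for (const host of SAMPLE_HOSTS) {
  console.log(host.padEnd(34), FindProxyForURL("https://" + host + "/", host));
}
```

Each pattern covers an open set of hostnames rather than one resolvable name, which is the gap the posts describe between PAC matching and an FQDN object.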
