FQDN based PBF


L2 Linker

Hello,

 

I have a customer who wants to replace proxy servers with an NGFW.

The proxy server is used for website filtering as well as URL-based routing, especially for G Suite.

 

Unfortunately, a PBF policy rule doesn't have URL as a match criterion, and only an FQDN object can be used for that purpose.

But Google publishes some wildcard or single-digit-number URLs in the URL list used by G Suite (and Google Drive).

 

ex.

*.drive.google.com

*.clients[N].google.com

 

What I want to do is accomplish URL-based (or similar) PBF without a proxy server, including the above URLs.

 

https://support.google.com/a/answer/2589954

 

Thanks,

Takahiro

 

2 REPLIES

Cyber Elite
A firewall is not a proxy server, so functionality is different. What is the use case for only a handful of URLs to be rerouted? There could be a different solution by applying firewall logic to a network issue (rather than proxy logic). PBF is a TCP/UDP-oriented routing feature, so it functions best at layer 3 and below.
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hello,

 

Thank you for your reply.

The customer currently has two internet links: one is for G Suite and the other is for the rest. A proxy server sits on the latter link, so their PAC file has a statement kind of like "direct connect for G Suite URLs and via proxy for the rest".

 

What I want the customer to do is ditch the proxy server for maximum budget allocation to us.

To accomplish this, the two internet links are connected to our NGFW, and it selects the link based on the destination URL, which is eventually an IP address.

 

We can only use an FQDN object for that purpose, but an FQDN object doesn't support wildcard FQDNs or FQDNs that include an arbitrary number.

This is why I'm looking for a way to accomplish this.

 

Thanks,

Takahiro
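The PAC rule described in the post above ("direct for G Suite URLs, proxy for the rest"), sketched as an added example that is not the customer's PAC file or code from either poster. It performs the anchored hostname match that the post says an FQDN object cannot express. The proxy address and the `#` single-digit marker are assumptions, and a local matcher stands in for the browser-supplied `shExpMatch` so the block runs under Node.

```javascript
// Added illustration, not the customer's actual PAC file.
// Patterns come from the thread; PROXY_ADDR is a constructed placeholder.
const PROXY_ADDR = "PROXY proxy.example.internal:8080";

// "[N]" in the thread stands for a single digit, written here as "#".
const DIRECT_PATTERNS = ["*.drive.google.com", "*.clients#.google.com"];

// Turn a host pattern into an anchored, case-insensitive RegExp:
// "*" = any run of characters, "#" = exactly one digit, all else literal.
// Anchoring keeps look-alike hosts such as
// "drive.google.com.attacker.example" from matching.
function patternToRegExp(pattern) {
  const body = pattern
    .split("")
    .map((ch) => {
      if (ch === "*") return ".*";
      if (ch === "#") return "[0-9]";
      return ch.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
    })
    .join("");
  return new RegExp("^" + body + "$", "i");
}

const DIRECT_REGEXES = DIRECT_PATTERNS.map(patternToRegExp);

// Same signature a browser calls in a PAC file.
function FindProxyForURL(url, host) {
  // Strip a trailing dot so "a.drive.google.com." is treated the same.
  const h = host.replace(/\.$/, "");
  return DIRECT_REGEXES.some((re) => re.test(h)) ? "DIRECT" : PROXY_ADDR;
}

// Constructed sample hosts, evaluated the way a browser would.
function classifySamples() {
  const hosts = [
    "doc-0k.drive.google.com",
    "a.clients4.google.com",
    "a.clients10.google.com",
    "drive.google.com.attacker.example",
    "www.example.org",
  ];
  return hosts.map((h) => [h, FindProxyForURL("https://" + h + "/", h)]);
}
```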
