Help whitelisting a URL that routes through CloudFront

L0 Member

Hi all, I am having trouble whitelisting a site and wanted to see what I can do about it. The website I am whitelisting is https://www.pahealthwellness.com/login.html. When you make some selections on the page, it redirects to https://sso.entrykeyid.com. I have a rule set to allow both of those URLs with wildcards, but the bigger problem is that the traffic is hitting CloudFront and getting blocked based on that. I don't want to whitelist all of CloudFront, but I can't figure out a way around this. I can give more detail if needed; I just want to see if I am missing something basic here.

2 REPLIES

L0 Member

I have a similar problem and I can't even get things to work after whitelisting *.cloudfront.net. It's as if the laptop's DNS is resolving to an IP address different from the Palo Alto's. I have the Minimum FQDN refresh time set to zero in Device > Setup > Services, but it still won't match the policy.

L6 Presenter

It sounds like (and a quick check of pahealthwellness.com confirmed) that the website is using fast-flux DNS. The DNS resolution is constantly changing over a range of IPs, so the firewall and client DNS responses will diverge, and hence the firewall doesn't know that the IP the client browser is currently connecting to is actually the same as the FQDN in the firewall. There are really only 2 options if you want to whitelist this server and block other traffic. See my previous thread here:

https://live.paloaltonetworks.com/t5/panorama-discussions/frequently-changing-ip-for-a-fqdn/td-p/547...

https://www.paloaltonetworks.com/cyberpedia/what-is-a-fast-flux-network

Note: The PA minimum FQDN refresh time will never drop below 30 sec (regardless of the config setting), as that is hardcoded to prevent the firewall from thrashing on invalid or extremely short TTL FQDNs.
