03-30-2016 10:51 AM
I have been trying to test out a new policy that will need to be implemented by our security team. This involves a Deny All rule, with a rule right above it that allows a list of domains. These domains include SaaS services, Cloud, and other domains that users must access to achieve daily production.
I have tried to make the whitelist based on FQDNs, but I am running into a problem when we have CDNs that are embedded in the destined location. I was able to monitor the 3rd party content and whitelist those URLs as well, but we are still having an issue when some of the domains might have some type of GLB on their end. The PAN does cache 10 IP addresses per FQDN at a time, but I'm afraid that it might not be enough.
We have discussed the options of a web proxy, but I am just curious if anybody has any better ideas on achieving this end goal, specifically with the PAN.
03-30-2016 11:49 AM - edited 03-30-2016 11:50 AM
For DNS domain-based rules, you had better use the URL filtering functionality. You could create a custom URL category and add all necessary domains to it. Then only allow this custom URL category. This also works without a URL filtering license.
03-30-2016 12:26 PM
When I spoke to PAN, URL Filtering only applies to HTTP and HTTPS traffic. Therefore, I don't think that it would work for applications.
03-30-2016 12:33 PM
That's right, I assumed they were web-based applications which are accessed via HTTP/HTTPS. Maybe there is an AppID signature for your particular applications? Do you have examples?