09-30-2019 08:05 AM
How can I effectively block shortened links on firewall? I can't figure a wildcard url format for them.
Please advise.
09-30-2019 02:25 PM
Due to the limitations in place on the firewall, it's actually best to do this on your DNS servers.
10-01-2019 05:56 AM
do you know how to block them on DNS servers? is there a standard way to do it?
10-02-2019 12:10 PM
Hello,
One way is to sinkhole then on your dns. Meaning have them resolve to an IP that goes no where or that you block on the PAN. That way the dns never resolves and the user never gets there.
Cheers!
10-02-2019 12:13 PM
The standard way would be to create a DNS entry for the domain on your internal DNS servers; the entry would reference an IP that, as @OtakarKlier mentioned, you've either blocked or setup specifically as a sinkhole host.
10-02-2019 12:15 PM
thank you @BPry @OtakarKlier . I'm doing DNS sinkhole on many domains but the issue I'm facing with shortened links are they don't have a specific identifiers/domain names.
10-02-2019 12:17 PM
Hello,
Gotcha, however the shortened links should resolve to the full ones at some point and the PAN should be able to block those via categories.
Regards,
10-02-2019 12:28 PM
True. Shortened URLs in emails really cause issues to both admins and users . We train our users to look at the link before clicking them but these links are giving them hard time. so, I was looking at blocking them in the initial stage itself.
I wish Palo has a url category called 'shortened links'
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
