Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.
12-31-2024 11:44 AM
I need to create ACLs for outbound access to AWS workspaces using the destination IPs / subnets / FQDNs shown on AWS publication https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html#ip-addres....
PAN publishes an EDL for AWS workspace, but it only contains a handful of IPs. Some of the IPs listed in the above URL is not found even in the AWS US ALL IP EDL.
I suppose the next best thing is to create ACL using static IPs and FQDNs, but some of the FQDNs are wildcards. How would you create rules with these as destinations?
https://<directory id>.awsapps.com/ (where <directory id> is the customer's domain)
turn:*.us-west-2.rdn.amazonaws.com
*.prod.us-west-2.highlander.aws.a2z.com
01-02-2025 03:10 PM
Hi @JamesBai ,
For the wildcards, I would test out creating a separate policy that enforces a custom url category that includes all the wildcard domains you need for workspaces. Here is a KB on examples of using wildcards.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
