07-20-2022 01:19 AM
Microsoft makes extensive use of the name aka.ms to map to thousands of IPs in its Akamai content delivery network.
I find that I have issues trying to use the FQDN host object aka.ms in a firewall rule. Many times traffic doesn't hit the rule.
I suspect it's because Palo's periodic update of its IP table for aka.ms misses some of the addresses in use.
Has anyone else experienced this? I'm running PA 9.1.13.
07-21-2022 11:46 AM
Hi @JimMcGrady ,
What do you have set for your minimum FQDN refresh time? You can try setting it to 0. The FQDN refresh will be based on the TTL set in DNS.
07-21-2022 03:13 PM
The issue that you'll run into, even if set up as @JayGolf mentioned, is that CDNs like Akamai don't have the TTL set to expire as often as they rotate clients to different hosts. This is slightly better if you have the firewall and all connected clients using the same DNS servers, but you can still have the firewall and the client get out of sync even then.
With Microsoft in particular I highly recommend using URL Filtering to limit this traffic instead of trying to utilize FQDN objects if you can. There are imperfect lists of associated Windows update IPs that you can tie with URL Filtering in more secure environments, but FQDNs never work properly for this.
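The two replies above describe the same mechanism from two sides: setting the minimum FQDN refresh to 0 makes the firewall re-resolve when the DNS TTL expires, but a CDN that rotates addresses faster than its TTL still leaves the firewall's cached set behind the address a client just resolved. The model below is an added example written for this thread; it is not code from the original posts or from Palo Alto Networks. The CDN name, the address pools (TEST-NET-3), the TTL, the rotation period and the connection timings are all constructed, and the firewall object is modelled simply as a set of IPs that is re-resolved only when its timer (the larger of the minimum refresh and the TTL) expires.

```python
"""Why a firewall FQDN object can lag behind the addresses a CDN is serving.
Added example, not code from the thread or from Palo Alto Networks. Every
value below (pools, TTL, rotation period, timings) is constructed."""

from dataclasses import dataclass, field


def cdn_pool(index: int) -> list[str]:
    """Constructed: the A records the CDN hands out during rotation window
    `index`. Each window gets a fresh pair of TEST-NET-3 addresses."""
    return [f"203.0.113.{(2 * index + k) % 254 + 1}" for k in range(2)]


def active_pool(now: int, rotation_period: int) -> list[str]:
    """Which pool the authoritative DNS is answering with at time `now`."""
    return cdn_pool(now // rotation_period)


def effective_refresh_interval(min_refresh: int, ttl: int) -> int:
    """Model of the advice in the thread: with a minimum refresh of 0 the
    firewall re-resolves when the TTL expires; a larger minimum overrides
    a short TTL."""
    return max(min_refresh, ttl)


@dataclass
class FqdnObjectCache:
    """Model of a firewall FQDN address object: a set of IPs that is only
    re-resolved when its timer expires, not at every client connection."""
    min_refresh: int
    ttl: int
    ips: set[str] = field(default_factory=set)
    next_refresh: int = 0
    refreshes: int = 0

    def refresh_if_due(self, now: int, rotation_period: int) -> None:
        if now >= self.next_refresh:
            self.ips = set(active_pool(now, rotation_period))
            self.next_refresh = now + effective_refresh_interval(self.min_refresh, self.ttl)
            self.refreshes += 1


def simulate(min_refresh: int, ttl: int, rotation_period: int,
             duration: int = 1200, connect_interval: int = 60) -> dict[str, int]:
    """Replay `duration` seconds of client connections. The client resolves the
    name at connect time (own resolver, no stale cache) and so always gets the
    current pool; the firewall matches against whatever its object holds."""
    fw = FqdnObjectCache(min_refresh=min_refresh, ttl=ttl)
    hits = misses = 0
    for now in range(0, duration, connect_interval):
        fw.refresh_if_due(now, rotation_period)
        dst = active_pool(now, rotation_period)[0]  # client connects to the first answer
        if dst in fw.ips:
            hits += 1
        else:
            misses += 1
    return {"hits": hits, "misses": misses, "refreshes": fw.refreshes}


if __name__ == "__main__":
    ttl = 300            # constructed: 5-minute TTL on the CDN name
    fast_rotation = 120  # constructed: CDN rotates pools every 2 minutes
    slow_rotation = 600  # constructed: rotation slower than the TTL
    print("30-min minimum refresh, fast rotation:", simulate(1800, ttl, fast_rotation))
    print("TTL-based refresh (min 0), fast rotation:", simulate(0, ttl, fast_rotation))
    print("TTL-based refresh (min 0), slow rotation:", simulate(0, ttl, slow_rotation))
```

With a 30-minute minimum refresh only the first two connections match; dropping the minimum to 0 so the object follows the 5-minute TTL raises the match rate but still misses most connections while the pool rotates every 2 minutes, and the object only becomes reliable in the last scenario, where the CDN rotates no faster than its TTL. That is the gap the second reply describes, and the reason it steers Microsoft traffic toward URL Filtering rather than FQDN objects.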