Security policy using wildcard destinations and NON http/https protocols



L1 Bithead


Dear community,

We are dealing with a request for a firewall rule which is supposed to allow SMB traffic (TCP 445) to a wildcard destination like * out on the internet. So this made me think about how we should implement such a rule, and I am not even sure it can be done, or at least I don't know how. If this were HTTP/HTTPS traffic we could create a custom URL category to be used in a rule with an allow action. But when the protocol isn't HTTP/HTTPS but something like SMB or SSH and so on, I don't think the URL category will be a factor. Also, creating an FQDN object is not an option since it won't allow wildcards.

Any other ideas or suggestions from your side? Many thanks and regards



L7 Applicator

The URL categories are determined by the HTTP "GET" command, so no chance... The only other time URL cats will kick in is when perhaps something like SMTP traffic is encrypted via TLS. Palo will then use certificate details to guess the category, just like undecrypted HTTPS traffic.

Wildcards cannot be used in FQDN as Palo turns your string into a regex kinda DNS search... The search criteria is within square brackets and cannot include some special characters such as an asterisk.

Sorry, would not accept unencrypted, but it has now...
