We are dealing with a request for a firewall rule which is supposed to allow SMB traffic (TCP 445) to a wildcard destination like *.subdomain.example.com out on the internet. So this made me think about how we should implement such a rule and I am not even sure it can be done or at least I don't know how. If this would be HTTP/HTTPS traffic we could create a customer URL category in order to be used in a rule with an allow action. But when the protocol isn't HTTP/HTTPS but something like SMB or SSH and so on, I don't think the URL category will be a factor. Also creating a FQDN object is not an option since it won'd allow wildcards.
Any other ideas or suggestions from your side? Many thanks and regards
Solved! Go to Solution.
The Url categories are determined by http “Get” command so no chance... the only other time url cats will kick in is when perhaps something like smtp traffic is encrypted via tls. palo will then use certificate details to guess the category Just like undecrypted https traffic.
wildcards cannot be used in fqdn as palo turns your string into a regex kinda dns search... the search criteria is within square brackets and cannot include some special characters such as an asterisk.
Sorry wouldnot acept unencrypted but it has now...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!