06-26-2012 01:26 PM
Is it possible to create a Security Policy with the Destination address as a URL? I would prefer to use the URL to avoid using the IP in case the destination service changes it.
Thanks,
Dennis
06-26-2012 01:31 PM
Yes, create an address object, use the FQDN from the drop down, and enter your URL.
I believe the refresh job runs every 30 minutes to convert that URL to an IP address.
06-26-2012 01:31 PM
Yes, create an address object, use the FQDN from the drop down, and enter your URL.
I believe the refresh job runs every 30 minutes to convert that URL to an IP address.
06-26-2012 01:48 PM
In that case dont forget to add a url-filter aswell for the same FQDN (specially if this is http traffic).
The bad part (security wise) of using FQDN as dstip is that you will rely on what answer the external (compared to the PA itself) dns will bring you.
06-26-2012 02:02 PM
Thanks, creating the address object worked.
06-26-2012 02:03 PM
This is not http traffic, it's secure FTP (as best it can be) on uncommon ports. I will keep the url-filtering underadvisement.
Thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
