URL Object FQDN settings

cancel
Showing results for 
Search instead for 
Did you mean: 

URL Object FQDN settings

L3 Networker

Hi,

 

i must set the firewall to connect to this webpage www.google.com/recaptcha/api/siteverify

I have a object -> adress groups -> own address group for some other adresses (like itunes.apple.com and so on. There I musst now inser this domain

But i Can set this as a FQDN like the others because "The value in this field is invalid."

 

So anyone an idea how to let the server connect to this domain?

Its for the Sophos Mobile Control service. https://community.sophos.com/kb/en-us/113217

1 ACCEPTED SOLUTION

Accepted Solutions

Cyber Elite
Cyber Elite

Hi @clonesheep

 

FQDN objects for services from Google could be problematic anyway as the IP behind the FQDN could change fast and then the firewall does not allow the traffic until the FQDN object os refreshed.

 

In your case you could use a custom URL category to allow exactly this URL (this requires TLS decryption to work as the firewall only sees www.google.com without decrypting the traffic)

View solution in original post

5 REPLIES 5

Cyber Elite
Cyber Elite

Hi @clonesheep

 

FQDN objects for services from Google could be problematic anyway as the IP behind the FQDN could change fast and then the firewall does not allow the traffic until the FQDN object os refreshed.

 

In your case you could use a custom URL category to allow exactly this URL (this requires TLS decryption to work as the firewall only sees www.google.com without decrypting the traffic)

Hi @vsys_remo

 

sounds good.Thanks.

But don`t understand what you mean with TLS decryption?

@clonesheep

Does the term "SSL decryption" mean more to you? (I try to avoid using the word SSL as this is TLS in the current versions)

 

What I meant you need the firewall to decrypt this HTTPS traffic (-->decryption policiy), because as I wrote the firewall does not see the actual http-get request without decryption.

ah decryption was no topic until today because we have a ssl proxy.

so is must configure a policies -> decryption -> decryption policy rule ..and what kind of options? SSL Forward Proxy?

Yes exactly. Because you already use another device for this already you want to make sure that really only this traffic here will be decrypted (server as source and maybe a second custom url category that contains "www.google.com")

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!