Our current MineMeld instance is doing a great job of handling our Office 365 requests. Now I'd like to use it to solve a different problem, but I'm not sure how to go about it.
We need to allow outbound app-specific traffic to *.somedomain.com. I tried a URL category but that's not working, probably because this traffic isn't HTTPS or HTTP. I thought that, if I could get MineMeld to resolve that wildcard domain to a list of IP addresses (or ranges), then I could put that list in the firewall policy.
Is there a way to get MineMeld to resolve wildcard domains to IP addresses?
The problem with the FQDN object is that there are hundreds of subdomain entries, each corresponding to a virtual machine that is generated on the fly and has a hostname consisting of seemingly random characters.
The FQDN Service Feed link you provided will probably work but I was hoping for something simpler. This project is for a small group of users and one application. I'll keep that one in mind as a last resort.
@efritz , I'd look for API's or logs available in the engine that is spinning up the VM's in order to get the IP addresses from there (instead of trying to get the IP addresses from the FQDN mapped to them). If these logs exists then it should be quite easy to code a script that uses PAN-OS Dynamic Address Group API with them.
Unfortunately I don't have access to that info. The VMs are spun up by an external company. Oh well.
I've adopted a cruder approach: I created a URL category using the wildcard domains. It gets used in a firewall policy. It's not perfect but it covers 80% of the problem.
Thanks, all, for your thoughts.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!