Using MineMeld to build a list of IP addresses from a list of domains


L1 Bithead

Our current MineMeld instance is doing a great job of handling our Office 365 requests. Now I'd like to use it to solve a different problem, but I'm not sure how to go about it.

 

We need to allow outbound app-specific traffic to *.somedomain.com. I tried a URL category but that's not working, probably because this traffic isn't HTTPS or HTTP. I thought that, if I could get MineMeld to resolve that wildcard domain to a list of IP addresses (or ranges), then I could put that list in the firewall policy.

 

Is there a way to get MineMeld to resolve wildcard domains to IP addresses?

 

4 REPLIES

L5 Sessionator

Hi @efritz ,

 

Depending on the number of subdomains under subdomain.com, you can consider using FQDN Objects or a cloud service that generates the list of IPs (the EDL source) out of a large set of FQDNs. Take a look at the serverless implementation of an FQDN Service Feed.

The problem with the FQDN object is that there are hundreds of subdomain entries, each corresponding to a virtual machine that is generated on the fly and has a hostname consisting of seemingly random characters.

 

The FQDN Service Feed link you provided will probably work but I was hoping for something simpler. This project is for a small group of users and one application. I'll keep that one in mind as a last resort.

@efritz, I'd look for APIs or logs available in the engine that is spinning up the VMs in order to get the IP addresses from there (instead of trying to get the IP addresses from the FQDN mapped to them). If these logs exist then it should be quite easy to code a script that uses the PAN-OS Dynamic Address Group API with them.

Unfortunately I don't have access to that info. The VMs are spun up by an external company. Oh well.

I've adopted a cruder approach: I created a URL category using the wildcard domains. It gets used in a firewall policy. It's not perfect but it covers 80% of the problem.

 

Thanks, all, for your thoughts.
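
The log-to-Dynamic-Address-Group script suggested in the replies could look like the sketch below. It is an added example, not code from any poster or from Palo Alto Networks. The log line format, the sample addresses and the tag name `vendor-app-vm` are assumptions. The script replays create/destroy events and builds the `uid-message` XML that the PAN-OS XML API accepts with `type=user-id`; a Dynamic Address Group matching the tag then tracks the registered IPs.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample lines; this log format is an assumption for the example.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z vm-created host=x7k2q9.somedomain.com ip=203.0.113.10
2024-05-01T10:00:07Z vm-created host=p4m8zt.somedomain.com ip=203.0.113.11
2024-05-01T10:03:12Z vm-destroyed host=x7k2q9.somedomain.com ip=203.0.113.10
2024-05-01T10:04:00Z vm-created host=bad.somedomain.com ip=999.1.1.1
"""

EVENT_RE = re.compile(r"\s(vm-created|vm-destroyed)\s.*?\bip=(\S+)")


def current_vm_ips(log_text):
    """Replay create/destroy events and return the set of live VM IPs."""
    live = set()
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue  # never push a malformed address into firewall policy
        if m.group(1) == "vm-created":
            live.add(ip)
        else:
            live.discard(ip)
    return live


def build_uid_message(register, unregister, tag):
    """Build a User-ID XML API update that tags and untags IPs for a DAG."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    for section, ips in (("register", register), ("unregister", unregister)):
        if not ips:
            continue  # omit empty sections
        node = ET.SubElement(payload, section)
        for ip in sorted(ips):
            entry = ET.SubElement(node, "entry", ip=ip)
            ET.SubElement(ET.SubElement(entry, "tag"), "member").text = tag
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(build_uid_message(current_vm_ips(SAMPLE_LOG), {"203.0.113.10"}, "vendor-app-vm"))
```

Unregistering addresses of destroyed VMs matters as much as registering new ones: a stale tag leaves an allow rule pointing at an IP that may since have been reassigned to someone else.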

 
