06-11-2020 10:31 AM
Our current MineMeld instance is doing a great job of handling our Office 365 requests. Now I'd like to use it to solve a different problem, but I'm not sure how to go about it.
We need to allow outbound app-specific traffic to *.somedomain.com. I tried a URL category but that's not working, probably because this traffic isn't HTTPS or HTTP. I thought that, if I could get MineMeld to resolve that wildcard domain to a list of IP addresses (or ranges), then I could put that list in the firewall policy.
Is there a way to get MineMeld to resolve wildcard domains to IP addresses?
06-11-2020 01:40 PM
Hi @efritz,
depending on the number of subdomains under somedomain.com you can consider using FQDN Objects or a cloud service that generates the list of IPs (the EDL source) out of a large set of FQDNs. Take a look at the serverless implementation of an FQDN Service Feed.
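The "resolve a set of FQDNs and publish the result as an EDL" idea from the reply above, written out as an added example (not from the thread, MineMeld, or the FQDN Service Feed project). One caveat the reply takes for granted: DNS cannot enumerate `*.somedomain.com`, so the list of hostnames has to come from somewhere else (traffic logs, passive DNS, a vendor-supplied inventory); this script only turns a known list into the one-entry-per-line IP list a PAN-OS EDL expects. The hostnames and answers below are constructed (RFC 5737 documentation ranges); the `sample_resolver` stands in for DNS so the script runs offline, and `system_resolver` does real lookups through the OS resolver.

```python
import ipaddress
import socket

# Constructed sample DNS answers using RFC 5737 documentation ranges; the
# hostnames are invented stand-ins for the thread's random VM names.
SAMPLE_ANSWERS = {
    "vm-a1b2c3.somedomain.com": ["203.0.113.10", "203.0.113.11"],
    "vm-d4e5f6.somedomain.com": ["203.0.113.11", "198.51.100.7"],
    "vm-gone.somedomain.com": [],  # stands in for a VM that no longer exists
}


def sample_resolver(name):
    """Offline stand-in for DNS: returns the constructed answers or raises like NXDOMAIN."""
    answers = SAMPLE_ANSWERS.get(name)
    if not answers:
        raise socket.gaierror(f"constructed NXDOMAIN for {name}")
    return list(answers)


def system_resolver(name):
    """Live lookup through the OS resolver; returns A and AAAA answers."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def resolve_fqdns(fqdns, resolver=system_resolver):
    """Resolve each FQDN; returns (set of ip_address objects, list of failure notes).

    A name that fails to resolve is reported, not silently dropped, so a
    scheduled run can alert when the feed starts shrinking unexpectedly.
    """
    ips, failures = set(), []
    for name in fqdns:
        try:
            answers = resolver(name)
        except socket.gaierror as exc:
            failures.append(f"{name}: {exc}")
            continue
        for answer in answers:
            try:
                ips.add(ipaddress.ip_address(answer))
            except ValueError:
                failures.append(f"{name}: unparseable answer {answer!r}")
    return ips, failures


def collapse_by_version(ips):
    """Merge host addresses into the smallest CIDR set, per IP version (v4 and v6 cannot be mixed)."""
    result = []
    for version in (4, 6):
        nets = [ipaddress.ip_network(ip) for ip in ips if ip.version == version]
        result.extend(sorted(ipaddress.collapse_addresses(nets)))
    return result


def render_edl(ips):
    """Render one entry per line, bare address for a host and CIDR for an aggregated range."""
    lines = []
    for net in collapse_by_version(ips):
        if net.prefixlen == net.max_prefixlen:
            lines.append(str(net.network_address))
        else:
            lines.append(str(net))
    return "".join(line + "\n" for line in lines)


def build_edl(fqdns, resolver=system_resolver):
    """Resolve the FQDN list and return (edl_text, failures)."""
    ips, failures = resolve_fqdns(fqdns, resolver)
    return render_edl(ips), failures


if __name__ == "__main__":
    text, failures = build_edl(SAMPLE_ANSWERS, sample_resolver)
    print(text, end="")
    for note in failures:
        print("skipped:", note)
```

Run it on a schedule shorter than the records' TTL and serve the output over HTTPS as an IP-type EDL; because the VMs in the question are created on the fly, anything between two runs will be missed, which is the same gap the URL-category approach has, just in the other direction.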
06-16-2020 06:44 AM
The problem with the FQDN object is that there are hundreds of subdomain entries, each corresponding to a virtual machine that is generated on the fly and has a hostname consisting of seemingly random characters.
The FQDN Service Feed link you provided will probably work but I was hoping for something simpler. This project is for a small group of users and one application. I'll keep that one in mind as a last resort.
06-16-2020 06:49 AM - edited 06-16-2020 06:50 AM
@efritz, I'd look for APIs or logs available in the engine that is spinning up the VMs in order to get the IP addresses from there (instead of trying to get the IP addresses from the FQDN mapped to them). If these logs exist then it should be quite easy to code a script that uses the PAN-OS Dynamic Address Group API with them.
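A worked version of the script the reply above sketches, added here as an example and not taken from the thread or from Palo Alto Networks. It feeds a Dynamic Address Group through the PAN-OS XML API's User-ID endpoint (`type=user-id`) with a `uid-message` that registers IPs of VMs that came up under a tag and unregisters IPs of VMs that went away. The VM-engine log format (JSON lines with `event`, `hostname`, `ip`) is invented for the example, the tag name `ext-vm` and the `PAN_FW` / `PAN_API_KEY` environment variables are assumptions, and the log lines are constructed from documentation address ranges.

```python
import ipaddress
import json
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample log lines in a hypothetical JSON-lines format; no real
# VM engine is being described, the point is only "the IP arrives in a log".
SAMPLE_VM_LOG = """\
{"event": "vm.started", "hostname": "vm-a1b2c3.somedomain.com", "ip": "203.0.113.10"}
{"event": "vm.started", "hostname": "vm-d4e5f6.somedomain.com", "ip": "198.51.100.7"}
{"event": "vm.stopped", "hostname": "vm-old001.somedomain.com", "ip": "203.0.113.9"}
{"event": "vm.started", "hostname": "vm-bad", "ip": "not-an-ip"}
this line is not JSON at all
"""

TAG = "ext-vm"  # tag the Dynamic Address Group matches on (assumed name)


def parse_vm_events(text):
    """Return (started_ips, stopped_ips); non-JSON lines and invalid IPs are skipped."""
    started, stopped = set(), set()
    for line in text.splitlines():
        try:
            event = json.loads(line)
            ip = str(ipaddress.ip_address(event["ip"]))  # validate before it reaches the firewall
        except (ValueError, KeyError, TypeError):
            continue
        if event.get("event") == "vm.started":
            started.add(ip)
        elif event.get("event") == "vm.stopped":
            stopped.add(ip)
    return started, stopped


def _sort_key(ip):
    addr = ipaddress.ip_address(ip)
    return (addr.version, addr.packed)


def build_uid_message(register, unregister, tag=TAG):
    """Build the uid-message XML that registers and unregisters IP-to-tag mappings."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    for action, ips in (("register", register), ("unregister", unregister)):
        if not ips:
            continue
        section = ET.SubElement(payload, action)
        for ip in sorted(ips, key=_sort_key):
            entry = ET.SubElement(section, "entry", ip=ip)
            ET.SubElement(ET.SubElement(entry, "tag"), "member").text = tag
    return ET.tostring(root, encoding="unicode")


def response_ok(body):
    """True if the PAN-OS XML API answered with status="success"."""
    try:
        return ET.fromstring(body).get("status") == "success"
    except ET.ParseError:
        return False


def send_uid_message(firewall, api_key, xml, opener=urllib.request.urlopen):
    """POST the message to the firewall's XML API; urlopen verifies the TLS certificate by default."""
    data = urllib.parse.urlencode({"type": "user-id", "key": api_key, "cmd": xml}).encode()
    req = urllib.request.Request(f"https://{firewall}/api/", data=data, method="POST")
    with opener(req, timeout=30) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    import os

    started, stopped = parse_vm_events(SAMPLE_VM_LOG)
    message = build_uid_message(started, stopped)
    print(message)
    # Only talk to a firewall when a target and key are supplied (assumed variable names).
    if os.environ.get("PAN_FW") and os.environ.get("PAN_API_KEY"):
        body = send_uid_message(os.environ["PAN_FW"], os.environ["PAN_API_KEY"], message)
        print("registered" if response_ok(body) else "firewall rejected update: " + body)
```

The registered mappings live in the firewall's runtime state rather than the configuration, so no commit is needed and the DAG updates as soon as the API call succeeds; use a dedicated admin role whose only permission is the User-ID API for the key, and check the `status` attribute of every response rather than assuming a 200 means the tag was applied.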
06-17-2020 07:35 AM
Unfortunately I don't have access to that info. The VMs are spun up by an external company. Oh well.
I've adopted a cruder approach: I created a URL category using the wildcard domains. It gets used in a firewall policy. It's not perfect but it covers 80% of the problem.
Thanks, all, for your thoughts.