cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

O365 URL rewrite

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
ckemp
L2 Linker
‎11-15-2018 03:03 PM
‎11-15-2018 03:03 PM

O365 URL rewrite

I'm using minemeld to pull the O365 urls into my PAN. I get a list that has entries like
*.domain.com
sub.domain1.com

 

I need to import those entries and rewrite them so they look like
*.domain.com/
domain.com/
*.sub.domain1.com/
sub.domain1.com/

 

Any pointers would be appreciated.

0 Likes
Reply

Accepted Solutions
Highlighted
lmori
L7 Applicator
‎01-16-2019 03:04 AM
‎01-16-2019 03:04 AM

Hi @ckemp,

are you adding ?v=panosurl at the end of your feed URL?

The link in the EDL config should have the form:

https://<minemeld>/feeds/<feedname>?v=panosurl

View solution in original post

0 Likes
Reply

All Replies
Highlighted
lmori
L7 Applicator
‎11-20-2018 05:47 AM
‎11-20-2018 05:47 AM

Hi @ckemp,

could you tell us more about this rewrite? Why is that needed?

0 Likes
Reply
Highlighted
ckemp
L2 Linker
‎11-20-2018 06:05 AM
‎11-20-2018 06:05 AM

We use an External Dynamic List from minemeld to ingest Office 365 URLs and IPs into PAN. Microsoft presents the urls as *.skype.com. If I go to www.skype.com, I get access. If I go to skype.com, I am blocked. I understand the “*” is a token and PAN expects to find something there, such as “www”, not for to be empty or null. This is a problem. I’m not sure how to manage this other than parse the list again for every *.domain.com entry create a domain.com entry.

0 Likes
Reply
Highlighted
lmori
L7 Applicator
‎11-20-2018 02:09 PM
‎11-20-2018 02:09 PM

Hi @ckemp,

what version of PAN-OS are you running on? I think the matching behavior was changed to let *.skype.com match also skype.com at some point. 

 

Thanks,

luigi

0 Likes
Reply
Highlighted
ckemp
L2 Linker
‎11-20-2018 03:17 PM
‎11-20-2018 03:17 PM

I’m running 8.1.4.
0 Likes
Reply
Highlighted
eyunghans
L1 Bithead
‎12-17-2018 09:16 AM
‎12-17-2018 09:16 AM

I've confirmed this is the behavior on v8.1.5 as well, a specific entry for the root domain is required as a wildcare does not function.

 

@lmori what would be the best way to file this?

 

0 Likes
Reply
Highlighted
lmori
L7 Applicator
‎12-19-2018 02:29 AM
‎12-19-2018 02:29 AM

@eyunghans thanks for testing this. I am working on it. The plan is to enhance panosurl modifier to translate *.domain.com into domain.com and *.domain.com in the generated feed.

0 Likes
Reply
Highlighted
ckemp
L2 Linker
‎12-19-2018 04:55 AM
‎12-19-2018 04:55 AM

Any ETA on when this would be available? 

0 Likes
Reply
Highlighted
lmori
L7 Applicator
‎12-20-2018 07:36 AM
‎12-20-2018 07:36 AM

Just merged the PR to the develop branch on github:

https://github.com/PaloAltoNetworks/minemeld-core/pull/307

 

This will be in the next release. You can test it now if you use the Ansible playbook.

0 Likes
Reply
Highlighted
ckemp
L2 Linker
‎12-20-2018 08:00 AM
‎12-20-2018 08:00 AM

We do not use Ansible playbook. Do you know when the next release will be available?

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks