01-10-2025 07:36 AM
Once a week, someone reports having issues accessing a site. Today that issue involves a credit card processing page that is aging-out because there is no SSL inspection exception. FW logs of course show an IP address (no URL/FQDN), and the rule to allow access or exclude from SSL inspection requires using an FQDN.
The page URL in the address bar has been allowed and browser/dev tools/console/sources does not indicate any other place where the browser is trying to go. I also look at OpenDNS reports to see what DNS queries the user made around the same time. There can be 100 sites within a few seconds, so I end up doing an NSLOOKUP on each of the FQDNs in the OpenDNS report to see if the IP matches the blocked traffic in the FW. Once I match the FQDN to the IP, I know that is the FQDN that needs to be unblocked in the FW.
This is a very tedious process, and after spending an hour on this today, I am not able to find the right FQDN to match the IPs that are being blocked.
Does anyone have a tool or better way to locate FQDNs for blocked IPs? If life were easy, OpenDNS (OR PALO) would record both the FQDN and the translated IP when DNS is queried so I would not have to search for it, but alas, that doesn't seem to be a thing for any vendor, so I keep having to do these treasure hunts on a regular basis.
Any suggestions/tricks/tips would be greatly appreciated.
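The manual lookup described in the post (NSLOOKUP each FQDN from the DNS report, then compare against the blocked IPs in the firewall log) can be batched. The following is an added example, not part of the original post: the function names `resolve_all` and `match_blocked` and the sample names and addresses are hypothetical, and the FQDN list is assumed to come from an export of the DNS report.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor


def resolve_all(fqdn):
    """Return every A/AAAA address the local resolver gives for fqdn."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, UnicodeError):
        return set()  # NXDOMAIN, timeout, malformed name: treat as no answer
    return {info[4][0] for info in infos}


def match_blocked(fqdns, blocked, resolve=resolve_all, workers=20):
    """Map each blocked IP or CIDR (as written) to the FQDNs resolving into it."""
    nets = {b: ipaddress.ip_network(b, strict=False) for b in blocked}
    # Normalise and de-duplicate names copied out of the DNS report.
    names = sorted({f.strip().rstrip(".").lower() for f in fqdns if f.strip()})
    with ThreadPoolExecutor(max_workers=workers) as pool:
        answers = dict(zip(names, pool.map(resolve, names)))
    hits = {b: [] for b in blocked}
    for name, addrs in answers.items():
        for addr in addrs:
            ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
            for label, net in nets.items():
                if ip.version == net.version and ip in net and name not in hits[label]:
                    hits[label].append(name)
    return hits


# Constructed sample data (documentation address ranges, made-up names),
# standing in for live DNS so the example runs offline.
SAMPLE_DNS = {
    "pay.example.com": {"203.0.113.10", "203.0.113.11"},
    "cdn.example.net": {"198.51.100.7"},
    "tokenizer.example.org": {"203.0.113.10"},
}

if __name__ == "__main__":
    result = match_blocked(SAMPLE_DNS, ["203.0.113.10", "192.0.2.0/24"],
                           resolve=lambda n: SAMPLE_DNS.get(n, set()))
    for ip, names in result.items():
        print(ip, "->", ", ".join(names) or "no match")
```

Answers come from whatever resolver the script uses at the time it runs, so a CDN-hosted name may return different addresses than the user's browser received; passing the blocked address as a surrounding CIDR instead of a single IP widens the match for that case.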