Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Who Me Too'd this solution



Custom URL category and FQDN object are different configurations all together and used for different requirements.


FQDN object is address object which simply can be used as source Address or Destination Address under Security Policy. For FQDN objects, firewall sends query to its DNS server and get the list of IP addresses associated with that FQDN. Yes Palo Alto maps maximum 10 IP addresses to that FQDN object. And you can't add wildcard domain as a FQDN object as per it's name. It will accept only complete domain.


Now the solution that I am talking about is creation of Custom URL Category (type URL list). You can create custom URL category and add single/multiple wildcard domains under it. Once it is created. it can be called in Security Policy under URL category tab.


For your requirement, security policy would be,

Source IP - Required IP/Network

Destination - Any

APP ID/Service - Required one

URL category - Custom category created by you.

Action - Allow


This policy will allow only traffic which is specific to your desired wildcard domain specified under Custom URL category.

You can refer below article and follow Option 1 : Use URL Category.


Hope it helps!





View solution in original post

Who Me Too'd this solution