05-17-2022 02:31 PM
Hello Community,
I am checking to see what everyone is doing for their allow lists for something like an S3 bucket.
Scenario: Let's say my server has no internet access due to policies denying the traffic. I then create an FQDN object, xyz-s3.amazon[.]com (just as an example), and add it to a policy that allows my server to access just that S3 bucket.
Problem: Most of the CDN (Content Delivery Network) providers use FAST DNS switching, which in some cases causes DNS caching issues. This happens because of quickly changing FQDNs on the CDN side.
Solutions?
Set the minimum FQDN Refresh timer(sec) to 0 (Zero) https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/networking-features/fqdn-refresh-re...
Is anyone doing this, and have you seen any issues? Are you doing something else that is working? I know about custom URLs and plan on doing this as well; however, there are many instances where the URL filter will not be hit, i.e., not an HTTP request.
Thanks in advance for your input.
Cheers!
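
The caching mismatch described in the post, as an added simulation that is not part of the original post or any vendor code. It assumes a simplified model: a constructed CDN rotating one A record every 60 seconds, a firewall that keeps only its latest answer and refreshes at the larger of the DNS TTL and the minimum refresh timer, and a server whose resolver cache refreshes 7 seconds out of phase.

```python
# Added example: simplified model of FQDN-object drift, all values constructed.

def answer_at(t, rotate=60, pool=4):
    """Constructed CDN: the A record cycles through `pool` addresses every `rotate` s."""
    return f"198.51.100.{(t // rotate) % pool + 1}"

def cache_timeline(duration, refresh, offset=0):
    """Address held each second by a cache that re-resolves every `refresh` s."""
    held, timeline = None, []
    for t in range(duration):
        if t >= offset and (t - offset) % refresh == 0:
            held = answer_at(t)
        timeline.append(held)
    return timeline

def blocked_seconds(duration, ttl, min_refresh, client_offset=7):
    """Seconds during which the server's resolved address is not the one
    the firewall currently maps to the FQDN object (traffic would be denied)."""
    # Assumption: the firewall refreshes at the TTL, floored by the minimum timer.
    fw_interval = max(ttl, min_refresh)
    firewall = cache_timeline(duration, fw_interval)
    server = cache_timeline(duration, ttl, client_offset)
    return sum(1 for f, s in zip(firewall, server) if s is not None and f != s)

if __name__ == "__main__":
    for floor in (0, 30, 600):
        print(f"min refresh {floor:>3}s -> blocked {blocked_seconds(3600, 20, floor)}s per hour")
```

Even with the timer at 0 the two caches disagree briefly after each rotation, so a low timer narrows the window but does not close it.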