Allow wildcard subdomains in Firewall rules
Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.
We would like to allow/deny connections based on a wildcard subdomain (think *.example.com). Is the only way to do that to reverse DNS the destination IP and allow/deny based on the wildcard rule?
Although there is the common possibility that the reverse DNS is not the same as the A or CNAME record requested, so I'm not sure how useful that would be.
But we would really appreciate the ability to filter based on wildcard subdomains, like *.update.microsoft.com. See:
You can now do this with FQDN objects
Fares Istaitieh commented
This is good.
When can we start using it? Is it available on Sophos SG UTM too?
Sumit Rai commented
The feature is available now in Hosts and Services > FQDN Host. But it is still not available in Web Categories.
This is already possible - we do it currently, and for Microsoft as per your post.
- Create a new category
- Add the domain as a keyword (*.microsoft.com)
- Apply to your web policy at the top as allowed
Sampa Chisulo commented
I would like to prioritise the traffic for Exchange Online and Office 365. Microsoft has listed the URLs and ports used. The main port used is 443, which is HTTPS. Some of the URLs have wildcards in them. How can I make a rule in this regard?
That is technically impossible! FQDN domains are resolved to an IP list. In DNS you can't search all A & AAAA records for all possible combinations of a URL.
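The two mechanisms discussed in this thread, the reverse-DNS matching proposed in the original request and the forward resolution of FQDN objects to an IP list described in the comment above, can be modelled side by side. The following is an added example written for this page, not code from the original posters or from Sophos; all names, addresses and DNS records are a constructed in-memory table rather than live lookups. It shows why a wildcard entry has nothing to forward-resolve, and it adds the check a practitioner would want on the reverse-DNS approach: a PTR name is only trusted if its A record points back at the IP (forward-confirmed reverse DNS), which rejects a forged PTR but, as the original post warns, still fails for a legitimate host whose PTR simply carries a different name (for example a CDN edge).

```python
"""Constructed model of wildcard-subdomain matching in a packet filter.

1. FQDN objects: the firewall forward-resolves each configured hostname to
   an IP list and filters on destination IP. A pattern such as *.example.com
   cannot be forward-resolved, so it contributes no IPs.
2. Reverse DNS: look up the PTR of the destination IP and match the returned
   name against the wildcard. The PTR is forward-confirmed (the A record of
   the PTR name must contain the IP) before it is trusted.

All DNS data here is a constructed table with hypothetical names/addresses.
"""
from ipaddress import ip_address

# Constructed forward zone (A records). Addresses are documentation ranges.
A_RECORDS = {
    "www.example.com": {"203.0.113.10"},
    "api.example.com": {"203.0.113.11", "203.0.113.12"},
    "cdn.example.com": {"198.51.100.5"},          # served from a CDN address
    "edge7.cdn-provider.net": {"198.51.100.5"},   # the CDN's own name for that IP
    "evil.example.org": {"192.0.2.66"},
}

# Constructed reverse zone (PTR records).
PTR_RECORDS = {
    "203.0.113.10": "www.example.com",
    "203.0.113.11": "api.example.com",
    "198.51.100.5": "edge7.cdn-provider.net",  # PTR does not say cdn.example.com
    "192.0.2.66": "www.example.com",           # PTR claims a name it does not own
}


def wildcard_match(hostname: str, pattern: str) -> bool:
    """Match a hostname against a rule such as '*.example.com'.

    Case-insensitive; a leading '*.' matches one or more labels under the
    zone but never the bare apex (example.com itself)."""
    h = hostname.lower().rstrip(".")
    p = pattern.lower().rstrip(".")
    if p.startswith("*."):
        suffix = p[1:]  # ".example.com"
        return h.endswith(suffix) and len(h) > len(suffix)
    return h == p


def resolve_fqdn_object(entries):
    """Forward-resolve an FQDN object's entries into the IP set the firewall
    actually filters on. Returns (ips, unresolvable); wildcard entries land in
    unresolvable because no DNS query enumerates every name under a zone."""
    ips, unresolvable = set(), []
    for name in entries:
        if name.startswith("*."):
            unresolvable.append(name)
            continue
        ips |= A_RECORDS.get(name.lower().rstrip("."), set())
    return ips, unresolvable


def reverse_lookup_confirmed(ip: str):
    """PTR lookup with forward confirmation (FCrDNS): the PTR name is accepted
    only if its own A record contains the IP we started from."""
    ptr = PTR_RECORDS.get(ip)
    if ptr is None or ip not in A_RECORDS.get(ptr, set()):
        return None
    return ptr


def decide_by_reverse_dns(dst_ip: str, allow_patterns):
    """Allow/deny a destination IP via reverse DNS. Returns (decision, reason)
    so the reason can go into the firewall log."""
    ip = str(ip_address(dst_ip))
    name = reverse_lookup_confirmed(ip)
    if name is None:
        return "deny", f"no forward-confirmed PTR for {ip}"
    for pat in allow_patterns:
        if wildcard_match(name, pat):
            return "allow", f"{ip} -> {name} matches {pat}"
    return "deny", f"{ip} -> {name} matches no allow rule"


if __name__ == "__main__":
    ips, bad = resolve_fqdn_object(["www.example.com", "api.example.com", "*.example.com"])
    print("FQDN object resolves to", sorted(ips), "; unresolvable:", bad)
    for dst in ("203.0.113.10", "198.51.100.5", "192.0.2.66"):
        print(dst, decide_by_reverse_dns(dst, ["*.example.com"]))
```

Running it shows the three cases worth knowing about: 203.0.113.10 is allowed, 198.51.100.5 is denied even though cdn.example.com really does resolve to it (the PTR names the CDN provider instead, so a reverse-DNS rule breaks legitimate traffic), and 192.0.2.66 is denied because its PTR of www.example.com is not confirmed by that name's A record.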
Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) commented
Can you provide some more information about this request, please? For example:
- Which page of the product UI does it refer to? Which configuration setting?
- An example showing what specific problem you want to solve with this feature
- Some information about the value of this solution to you/your business
Kalpesh Panchal commented
WILDCARD ENTRY ON FQDN BASE