Allow wildcard subdomains in Firewall rules
Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.
We would like to allow/deny connections based on a wildcard subdomain (think *.example.com). The only way to do that is to reverse DNS the destination IP and allow/deny based on the wildcard rule?
Although there is the common possibility that the reverse DNS is not the same as the A or CNAME record requested, so I'm not sure how useful that would be.
But, we would really appreciate the ability to filter based on wildcard subdomains, like *.update.microsoft.com. See:
This feature is planned for XG V17
Sumit Rai commented
The feature is available now in Hosts and Services > FQDN Host. But it is still not available in Web Categories.
This is already possible - we do it currently, and for Microsoft as per your post.
- Create a new category
- Add the domain as a keyword (*.microsoft.com)
- Apply to your web policy at the top as allowed
Sampa Chisulo commented
I would like to prioritise the traffic for Exchange Online and Office 365. Microsoft has listed the URLs and ports used. The main port used is 443, which is HTTPS. Some of the URLs have wildcards in them. How can I make a rule in this regard?
That is technically impossible! FQDN domains will be resolved as an IP list. In DNS you can't search all A & AAAA records for all possible combinations of a URL.
Can you provide some more information about this request, please. For example:
- Which page of the product UI does it refer to? Which configuration setting?
- An example showing what specific problem you want to solve with this feature
- Some information about the value of this solution to you/your business
Kalpesh Panchal commented
WILDCARD ENTRY ON FQDN BASE
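Added example, not from the thread or from the product discussed: one way a packet filter can apply a wildcard rule such as *.update.example.com without reverse DNS is to match the name in each forward DNS answer it observes and remember the returned IPs until the TTL expires. The function and class names, domains and addresses below are constructed assumptions.

```python
# Illustrative sketch: wildcard-FQDN rules driven by observed forward DNS answers.
# Nothing here is a vendor API; all names and sample values are constructed.

def matches_wildcard(pattern: str, name: str) -> bool:
    """True if name falls under pattern; a leading '*.' covers one or more labels."""
    pattern = pattern.lower().rstrip(".")
    name = name.lower().rstrip(".")
    if not pattern.startswith("*."):
        return name == pattern
    suffix = pattern[1:]  # e.g. ".update.example.com", keeps the label boundary
    # The leading dot rejects "evilupdate.example.com"; the length check
    # rejects the bare parent and an empty leading label.
    return name.endswith(suffix) and len(name) > len(suffix)


class FqdnRuleTable:
    def __init__(self, rules):
        self.rules = rules      # list of (pattern, action); first match wins
        self.learned = {}       # destination IP -> (action, expiry time)

    def observe_dns_answer(self, qname, ips, ttl, now):
        """Record the A/AAAA answer a client received for qname."""
        for pattern, action in self.rules:
            if matches_wildcard(pattern, qname):
                for ip in ips:
                    self.learned[ip] = (action, now + ttl)
                return

    def decide(self, dst_ip, now, default="deny"):
        """Verdict for a new connection to dst_ip; stale entries fall to default."""
        entry = self.learned.get(dst_ip)
        if entry is None or entry[1] <= now:
            self.learned.pop(dst_ip, None)
            return default
        return entry[0]


if __name__ == "__main__":
    table = FqdnRuleTable([("*.update.example.com", "allow")])
    # Constructed forward answer: dl.update.example.com -> 203.0.113.10, TTL 60
    table.observe_dns_answer("dl.update.example.com", ["203.0.113.10"], 60, now=1000)
    print(table.decide("203.0.113.10", now=1030))   # learned from the forward answer
    # Constructed PTR name for the same IP: it would not match the rule.
    print(matches_wildcard("*.update.example.com", "host-203-0-113-10.cdn.example.net"))
```

A verdict keyed on IP also covers any other hostname served from the same address (shared CDN or hosting), and it only works when the filter sees the client's DNS answers in cleartext.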