https://community.cisco.com/t5/network-security/wildcard-url-for-cloud-services/m-p/3780497#M1011415 <P>in FMC/FTD the firewall looks for a match on the string you enter no matter where in the URL they appear.&nbsp; for example (referencing the document I linked below) cisco.com would match both cisco.com/page and page.cisco.com and <A href="http://www.cisco.com" target="_blank">www.cisco.com</A></P> <P>Check out this link:</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html#anc14" target="_self">https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html#anc14</A></P> <P>&nbsp;</P> <P>Another option would be to place the local server in a seperate DMZ and allow it full internett access and then restrict access to the internal network.</P> <P>&nbsp;</P> <P>Hope this helps.</P> Tue, 15 Jan 2019 19:17:34 GMT Marius Gunnerud 2019-01-15T19:17:34Z https://community.cisco.com/t5/network-security/wildcard-url-for-cloud-services/m-p/3779270#M1011414 <P>How are you handling service allowance where wildcard domains are the only firewall configuration provided?&nbsp; Specifically I am looking at a server that needs access to Microsoft PowerBI services.&nbsp; I have attached the documentation provided by Microsoft.</P> <P>&nbsp;</P> <P>If these were FQDNs I would normally just create a network object group on the ASA and allow the inside server access to the object-group over the specified ports on the insideIN ACL.&nbsp; Since they are wildcards, I am not sure where to apply the ruleset.</P> <P>&nbsp;</P> <P>We have AMP modules in the 5525-X's and FMC setup.&nbsp; If I can apply these wildcard allowances for this specific machine in an Access Control Policy, what do I need to do on the ASA insideIN ACL so that the traffic is allowed to the AMP module?&nbsp; I know this is not the only service to start to provide large wildcarded URL lists and would like to know how others are managing this.&nbsp;</P> <P>&nbsp;</P> <P>Thanks for your assistance.</P> Tue, 12 Mar 2019 14:13:30 GMT https://community.cisco.com/t5/network-security/wildcard-url-for-cloud-services/m-p/3779270#M1011414 Jonathan Harrison 2019-03-12T14:13:30Z https://community.cisco.com/t5/network-security/wildcard-url-for-cloud-services/m-p/3780497#M1011415 <P>in FMC/FTD the firewall looks for a match on the string you enter no matter where in the URL they appear.&nbsp; for example (referencing the document I linked below) cisco.com would match both cisco.com/page and page.cisco.com and <A href="http://www.cisco.com" target="_blank">www.cisco.com</A></P> <P>Check out this link:</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html#anc14" target="_self">https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html#anc14</A></P> <P>&nbsp;</P> <P>Another option would be to place the local server in a seperate DMZ and allow it full internett access and then restrict access to the internal network.</P> <P>&nbsp;</P> <P>Hope this helps.</P> Tue, 15 Jan 2019 19:17:34 GMT https://community.cisco.com/t5/network-security/wildcard-url-for-cloud-services/m-p/3780497#M1011415 Marius Gunnerud 2019-01-15T19:17:34Z