01-20-2020 12:44 PM - edited 02-21-2020 09:50 AM
I am cleaning up my policy rules and wondering if an asterisk can be used in an ACP. I have read this post, but it is from several years ago and I am not sure if it is still an issue:
https://community.cisco.com/t5/firepower/using-wildcard-in-url-filtering/td-p/3196891
01-20-2020 05:50 PM
Hi,
I have seen * in SSL Decryption policies and it worked fine. For a URL filtering rule, I can do a test shortly if someone else didn't configure it recently :)
01-20-2020 08:10 PM
Wildcards are not supported in the ACP. However, for URL objects, an empty space equals any character, like a wildcard. E.g., a cisco.com value will match www.cisco.com and also match www.sanfrancisco.com. On the other hand, if you wanted to match on only cisco.com, then you can use .cisco.com or www.cisco.com.
I hope this helps!
Thank you for rating helpful posts!
01-21-2020 04:54 AM
Is it best practice to use a . for matching subdomains?
Would cisco.com in the ACP whitelist policy whitelist:
malicioussitecisco.com?
.cisco.com would, I think, prevent the above site from being whitelisted.
01-20-2020 10:27 PM
01-21-2020 04:46 AM
That's what led to my confusion about why my asterisk (used as a wildcard) worked in my SSL policy but not in the ACP.
01-21-2021 09:49 AM
Firepower does support wildcards, but not in the format (*.microsoft.com); rather, it supports the (.microsoft.com) format. You can create a URL object with the value (.microsoft.com) for blocking all of the microsoft.com domain; it will block support.microsoft.com, www.update.microsoft.com, or any other subdomain before .microsoft.com. So use a dot (.) instead of an asterisk (*) and it will work fine. I am testing it in a production environment.
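A model of the matching behaviour described in this thread, added as an illustration and not taken from any post or from Firepower itself. It assumes URL object values are matched as substrings of the hostname, and compares that with a strict label-boundary check; the function names and the hostnames are constructed for the example.

```python
# Added illustration: models the matching described in the thread.
# Not Firepower code; all names here are hypothetical.

def substring_match(value: str, host: str) -> bool:
    """Assumed URL-object behaviour: the value may appear anywhere in the host."""
    return value.lower() in host.lower()

def domain_match(domain: str, host: str) -> bool:
    """Strict check: host is the domain itself or a subdomain of it."""
    domain = domain.lower().strip(".")
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

# Constructed sample hostnames, including the ones raised in the thread.
HOSTS = [
    "cisco.com",
    "www.cisco.com",
    "www.sanfrancisco.com",
    "malicioussitecisco.com",
    "www.cisco.com.example.net",
]

def compare(domain: str, hosts=HOSTS) -> dict:
    """Map each host to (bare-value hit, dot-prefixed hit, strict hit)."""
    return {
        h: (
            substring_match(domain, h),        # value "cisco.com"
            substring_match("." + domain, h),  # value ".cisco.com"
            domain_match(domain, h),           # label-boundary reference
        )
        for h in hosts
    }

if __name__ == "__main__":
    print(f"{'host':28} bare   dotted strict")
    for host, (bare, dotted, strict) in compare("cisco.com").items():
        print(f"{host:28} {bare!s:6} {dotted!s:6} {strict}")
```

Under the substring assumption, the dot-prefixed value stops matching malicioussitecisco.com and www.sanfrancisco.com, but it also misses the bare cisco.com and still matches www.cisco.com.example.net, so an allow rule built on it is worth checking against hostnames of both kinds.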