Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
825
Views
0
Helpful
4
Replies

Need to do URL Filtering from Internet to Enterprise Traffic.

Go to solution
subrun.jamil
Level 1
Level 1

‎05-22-2019 07:23 AM - edited ‎02-21-2020 09:09 AM

At My Edge Firewall ( Firepower 8350 ) there is a Firewall rule where I am allowing ANY Internet Traffic reaching to One of my Public IP on Http and Https port.

 

Right Now I want to allow traffic from Certain Domain to be allowed to come in to my Public IP not from WHOLE Internet World. For example I want to allow incoming traffic to my Public IP from below domains.

 

https://*.cnn.com
https://*.bbc.com
http://*.ctv.com
https://*.blob.core.windows.net

 

Note that in my Edge Firewall I have URL Filtering License, is it possible that I can allow these URL's in the ACL to filter the traffic only from above domains ? does it work that way ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to subrun.jamil

‎05-23-2019 05:14 AM

If it's a well known public service, the vendor sometimes documents their public IPs and keeps that documentation up-to-date. For instance, Microsoft does this for Office 365.

For less common domains, you're right. If it's a vendor that you partner with you can possibly arrange a private feed of their addresses and get updated when they change.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-22-2019 07:49 AM

URL filtering only works by analyzing destination URLs.

If you want to restrict source domains, you would need to know their associated IP addresses and restrict based on those. You would put them in a network object and use it as the source in your Access Control Policy rule.

0 Helpful

Go to solution
subrun.jamil
Level 1
Level 1
In response to Marvin Rhoads

‎05-22-2019 09:21 AM

Problem of using the IP address is IP's are always changing and easy to get blocked when new IP Addresses are updated for those domains. What you say  ?

 

Is there any other thoughts Marvin ?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to subrun.jamil

‎05-23-2019 05:14 AM

If it's a well known public service, the vendor sometimes documents their public IPs and keeps that documentation up-to-date. For instance, Microsoft does this for Office 365.

For less common domains, you're right. If it's a vendor that you partner with you can possibly arrange a private feed of their addresses and get updated when they change.

0 Helpful

Go to solution
subrun.jamil
Level 1
Level 1
In response to Marvin Rhoads

‎05-24-2019 03:13 PM

Thank You Marvin...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card