10-11-2017 12:10 AM - edited 02-21-2020 06:28 AM
Hi,
How can I block all connections to *.microsoft.com (for example)?
Can I use a custom URL object *.microsoft.com, or doesn't Firepower support wildcards?
10-11-2017 05:54 AM
10-11-2017 05:57 AM
Sorry about that - you are correct. I found a technote mentioning this as well:
I tested on my FMC just now and found the same. However, if I use microsoft.com instead of *.microsoft.com as my URL object, it works, due to substring matching as described in the technote.
10-11-2017 04:55 AM - edited 10-11-2017 04:56 AM
Firepower supports wildcards in URL objects.
See the screenshot below taken from my FMC 6.2.2:
10-11-2017 04:59 AM
10-11-2017 06:08 AM
10-11-2017 06:17 AM
Quite true - that is a limitation of the current platform.
I will remember to bring this up with the Cisco engineers at next week's Security team event.
02-21-2018 03:37 PM
So, what was the resolution to this?
We have a URL blacklist, with, as an example, 777.com in it.
777.com blocks, but www.777.com does not.
02-22-2018 07:23 AM - edited 02-22-2018 07:24 AM
So, it appears the substring matching works if I create an actual URL object, then block it.
Substring matching, however, does not work, when populating a blacklist/whitelist in the Security Intelligence URL Lists and Feeds.
04-06-2018 10:19 AM
This document might be helpful: FTD URL Filtering - How it works?
08-01-2018 02:43 PM
What came of this?
If Firepower cannot process wildcards, why does the product allow them to be created? Surely it's not that hard to detect a wildcard, refuse to save it, and put up a screen that advises so?
01-21-2021 09:40 AM - edited 01-21-2021 10:09 AM
Firepower does support wildcards, but not in the (*.microsoft.com) format; rather, it supports the (.microsoft.com) format. You can create a URL object with the value (.microsoft.com) to block the whole microsoft.com domain; it will block support.microsoft.com, www.update.microsoft.com, or any other subdomain ending in .microsoft.com. So use a dot (.) instead of an asterisk (*) and it will work fine. I am testing it in a production environment.
09-16-2021 03:48 PM - edited 09-16-2021 03:59 PM
In FDM, all sub-websites match by just using the base domain name.
Therefore, just enter microsoft.com
Do not include an asterisk (i.e. *.microsoft.com)
Do not include a dot (i.e. .microsoft.com)
This will match microsoft.com, abc.microsoft.com, and abc.update.microsoft.com
However, notmicrosoft.com will not match
I have been testing this successfully. Here's the reference:
Look under Configuring URL Objects and Groups
I'm using version 7.0.0.1 with FDM, I don't know if previous 6.x versions worked the same way.
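The posts above describe two different matching behaviours for a URL object value: plain substring matching (where microsoft.com works because it appears inside www.microsoft.com, and *.microsoft.com matches nothing because the asterisk is taken literally), and domain-boundary matching as described for FDM (microsoft.com matches the base domain and every subdomain, but not notmicrosoft.com). The script below is an added example, not Firepower code and not from any poster; it models both behaviours side by side so you can see where they disagree, which is exactly the set of look-alike hosts a blocklist entry is most likely to mishandle. The test URLs and the function names are constructed for this example; confirm the real behaviour on your own FMC/FDM version before relying on either model.

```python
"""Model of two URL-object matching semantics discussed in this thread.

Constructed example, not Firepower's own matching code. It only models the
behaviours the posters describe:
  - substring semantics: the object value appears anywhere in the requested URL
  - domain semantics: the value matches the host itself and any subdomain,
    bounded on a dot, so look-alike hosts do not match
"""
from urllib.parse import urlsplit


def host_of(url: str) -> str:
    """Return the lower-cased host of a URL, tolerating bare hostnames."""
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def substring_match(value: str, url: str) -> bool:
    """Substring semantics: value appears anywhere in the URL string.

    The asterisk is treated literally (an assumption consistent with the
    thread), which is why '*.microsoft.com' matches no real URL.
    """
    return value.lower() in url.lower()


def domain_match(value: str, url: str) -> bool:
    """Domain-boundary semantics: the value (leading '.' ignored) must equal
    the host or be a suffix of it preceded by a dot."""
    value = value.lower().lstrip(".")
    host = host_of(url)
    return host == value or host.endswith("." + value)


def evaluate(value: str, urls):
    """Return {url: (substring_hit, domain_hit)} for each URL."""
    return {u: (substring_match(value, u), domain_match(value, u)) for u in urls}


# Constructed test URLs: the cases raised in this thread plus the look-alike
# cases where a substring match over-blocks or an attacker slips past.
TEST_URLS = [
    "https://microsoft.com/",
    "https://www.microsoft.com/",
    "https://support.microsoft.com/",
    "https://www.update.microsoft.com/",
    "https://notmicrosoft.com/",                  # unrelated host, shares a suffix
    "https://microsoft.com.evil.example/",        # attacker-controlled look-alike
    "https://evil.example/?next=microsoft.com",   # value only in the query string
]

if __name__ == "__main__":
    for value in ("*.microsoft.com", ".microsoft.com", "microsoft.com"):
        print(f"\nobject value: {value!r}")
        for url, (sub, dom) in evaluate(value, TEST_URLS).items():
            print(f"  {url:45} substring={str(sub):5} domain={dom}")
```

Running it shows the practical caveat behind the thread: under substring semantics the value microsoft.com also hits notmicrosoft.com, microsoft.com.evil.example and a URL that merely carries microsoft.com in its query string, while .microsoft.com misses the bare domain; under domain semantics microsoft.com (with or without the leading dot) covers the base domain and all subdomains and nothing else. Whichever your platform implements, test an entry against both the hosts you want blocked and a few look-alikes before deploying it.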