10-11-2017 12:10 AM - edited 02-21-2020 06:28 AM
Hi,
How can I block all connections to *.microsoft.com (for example)?
Can I use a custom URL object *.microsoft.com, or does Firepower not support wildcards?
10-11-2017 05:54 AM
10-11-2017 05:57 AM
Sorry about that - you are correct. I found a technote mentioning this as well:
I tested on my FMC just now and found the same. However, if I use microsoft.com instead of *.microsoft.com as my URL object, it works due to substring matching as described in the technote.
10-11-2017 04:55 AM - edited 10-11-2017 04:56 AM
Firepower supports wildcards in URL objects.
See the screenshot below taken from my FMC 6.2.2:
10-11-2017 04:59 AM
10-11-2017 06:08 AM
10-11-2017 06:17 AM
Quite true - that is a limitation of the current platform.
I will remember to bring this up with the Cisco engineers at next week's Security team event.
02-21-2018 03:37 PM
So, what was the resolution to this?
We have a URL blacklist, with, as an example, 777.com in it.
777.com blocks, but www.777.com does not.
02-22-2018 07:23 AM - edited 02-22-2018 07:24 AM
So, it appears the substring matching works if I create an actual URL object, then block it.
Substring matching, however, does not work, when populating a blacklist/whitelist in the Security Intelligence URL Lists and Feeds.
04-06-2018 10:19 AM
This document might be helpful: FTD URL Filtering - How it works?
08-01-2018 02:43 PM
What came of this?
If Firepower cannot process wildcards, why does the product allow them to be created? Surely it's not that hard to detect a wildcard, refuse to save it, and put up a screen that advises so?
01-21-2021 09:40 AM - edited 01-21-2021 10:09 AM
Firepower does support wildcards, but not in this format (*.microsoft.com); rather, it supports the (.microsoft.com) format. You can create a URL object with the value (.microsoft.com) to block the whole microsoft.com domain; it will block support.microsoft.com, www.update.microsoft.com, or any other subdomain ending in .microsoft.com. So use a dot (.) instead of an asterisk (*) and it will work fine. I am testing it in a production environment.
09-16-2021 03:48 PM - edited 09-16-2021 03:59 PM
In FDM, all sub-websites match by just using the base domain name.
Therefore, just enter microsoft.com
Do not include an asterisk (i.e. *.microsoft.com)
Do not include a dot (i.e. .microsoft.com)
This will match microsoft.com, abc.microsoft.com, and abc.update.microsoft.com
However, notmicrosoft.com will not match
I have been testing this successfully. Here's the reference:
Look under Configuring URL Objects and Groups
I'm using version 7.0.0.1 with FDM, I don't know if previous 6.x versions worked the same way.
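The replies above describe two different matching semantics: plain substring matching of the URL object's value (the technote behaviour, where a literal *.microsoft.com never matches and a leading dot is a workaround), and subdomain matching on label boundaries (the FDM 7.0 description, where microsoft.com matches abc.microsoft.com but not notmicrosoft.com). The following Python model, added here as an illustration and not code from Cisco, the FMC/FDM, or any poster in this thread, implements both semantics side by side so the over-blocking and under-blocking of each pattern form can be seen on a constructed list of host names. The host list and the two matcher functions are assumptions for the demonstration; how a given Firepower release actually evaluates a URL object is whatever the referenced technote and the Configuring URL Objects and Groups documentation say for that version.

```python
"""Model of two URL-object matching semantics discussed in the thread.

substring_match: the object's value must appear anywhere in the host name
                 (the "substring matching" explanation from the technote).
domain_match:    the host must equal the value or be a subdomain of it,
                 checked on a label boundary (the FDM 7.0 description).

Neither function is Firepower's engine; both are constructed for comparison.
"""

from typing import Callable, Dict, List

# Constructed sample of host names a rule might be evaluated against.
# These are illustrative only, not taken from any real log.
SAMPLE_HOSTS: List[str] = [
    "microsoft.com",
    "www.microsoft.com",
    "support.microsoft.com",
    "www.update.microsoft.com",
    "notmicrosoft.com",            # shares a suffix, but is a different domain
    "microsoft.com.evil.example",  # attacker-controlled label that embeds the name
]

Matcher = Callable[[str, str], bool]


def substring_match(pattern: str, host: str) -> bool:
    """Plain substring semantics: an asterisk is a literal character here."""
    return pattern.lower() in host.lower()


def domain_match(pattern: str, host: str) -> bool:
    """Label-boundary semantics: exact domain or any subdomain of it.

    A leading dot on the pattern is tolerated so ".microsoft.com" and
    "microsoft.com" behave the same way under this matcher.
    """
    p = pattern.lower().strip().lstrip(".")
    h = host.lower().strip().rstrip(".")
    return h == p or h.endswith("." + p)


def evaluate(pattern: str, matcher: Matcher, hosts: List[str] = SAMPLE_HOSTS) -> List[str]:
    """Return the hosts (in input order) that the pattern would block."""
    return [h for h in hosts if matcher(pattern, h)]


def compare(patterns: List[str], hosts: List[str] = SAMPLE_HOSTS) -> Dict[str, Dict[str, List[str]]]:
    """Evaluate every pattern under both semantics; keys are the pattern values."""
    return {
        pat: {
            "substring": evaluate(pat, substring_match, hosts),
            "domain": evaluate(pat, domain_match, hosts),
        }
        for pat in patterns
    }


if __name__ == "__main__":
    # The three object values discussed in the thread.
    for pat, results in compare(["*.microsoft.com", "microsoft.com", ".microsoft.com"]).items():
        print(f"URL object value: {pat!r}")
        for semantics, blocked in results.items():
            print(f"  {semantics:>9}: blocks {len(blocked)} of {len(SAMPLE_HOSTS)} -> {blocked}")
```

Under the substring model, *.microsoft.com blocks nothing because the asterisk is taken literally, microsoft.com blocks every sample host including notmicrosoft.com and the attacker-controlled microsoft.com.evil.example, and .microsoft.com removes those two false positives but also stops matching the bare apex microsoft.com. Under the label-boundary model, microsoft.com and .microsoft.com both block exactly the apex and its subdomains. When testing a URL object in your own deployment, check a lookalike host such as notmicrosoft.com as well as a genuine subdomain so you know which of the two behaviours your release actually has.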