Cloud access for internal servers

Alex-Pr
Level 1

I am curious what the normal practice is around securing servers from a firewall perspective when they are really meant to be used within a private enterprise environment.

Take DNAC for example. There are about 20 FQDNs it requires access to on the internet. Every server from every vendor seems to be similar, with its own group of required internet-based resources, and since most are in a large cloud environment, the only way is locking down by FQDN or wildcard.

Is it common to create a lengthy FQDN-based ACL for outbound access for every server (then deal with the problems as new resources are required), or is the trend now to allow outbound port 443 for servers and block when a connection is trying to reach malicious IPs, plus other checks and balances like IPS/Geography/Reputation, etc.?

 

I find dealing with these lengthy ACLs cumbersome and question if I am doing too much...

 

Thanks