01-20-2020 12:44 PM - edited 02-21-2020 09:50 AM
I am cleaning up my policy rules and wondering if an asterisk can be used in an ACP. I have read this post, but it is from several years ago and I am not sure if it is still an issue:
https://community.cisco.com/t5/firepower/using-wildcard-in-url-filtering/td-p/3196891
01-20-2020 05:50 PM
Hi,
I have seen * in SSL Decryption policies and it worked fine. For a URL filtering rule, I can test shortly if someone else hasn't configured it recently :)
01-20-2020 08:10 PM
Wildcards are not supported in the ACP. However, for URL objects, an empty space equals any character, like a wildcard. E.g., a cisco.com value will match www.cisco.com and also match www.sanfrancisco.com. On the other hand, if you wanted to match on only cisco.com, then you can use .cisco.com or www.cisco.com.
I hope this helps!
Thank you for rating helpful posts!
01-21-2020 04:54 AM
Is it best practice to use a . for matching subdomains?
Would cisco.com in the ACP whitelist policy whitelist malicioussitecisco.com?
.cisco.com would, I think, prevent the above from whitelisting the above site.
01-20-2020 10:27 PM
01-21-2020 04:46 AM
That's what led to my confusion about why my asterisk (used as a wildcard) worked in my SSL policy but not in the ACP.
01-21-2021 09:49 AM
Firepower does support wildcards, but not in a format like (*.microsoft.com); rather, it supports the (.microsoft.com) format. You can create a URL object with the value (.microsoft.com) to block all microsoft.com domains; it will block support.microsoft.com, www.update.microsoft.com, or any other subdomain before .microsoft.com. So use a dot (.) instead of an asterisk (*) and it will work fine. I am testing it in a production environment.
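An added example, not part of the thread and not Firepower code: a small audit that models the substring matching the replies describe and reports which hostnames a URL object value would match beyond the domain and its subdomains. The matching model, the function names and the sample hostnames are assumptions made for illustration; it goes slightly beyond the thread by also testing a host where the value appears in the middle of the name.

```python
# Assumption taken from the replies above: a URL object value matches any
# hostname that contains it as a substring. This models that description
# only; it is not Firepower's implementation.

def object_matches(value: str, host: str) -> bool:
    """Substring match, as the thread describes URL object behaviour."""
    return value.lower() in host.lower()


def is_intended(domain: str, host: str) -> bool:
    """True only for the domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    domain = domain.lower().strip(".")
    return host == domain or host.endswith("." + domain)


def audit(value: str, hosts: list[str]) -> dict[str, list[str]]:
    """Sort the hosts an allowlist value matches into intended matches
    and overmatches (matched, but not the domain or a subdomain)."""
    domain = value.strip(".")
    report: dict[str, list[str]] = {"intended": [], "overmatch": []}
    for host in hosts:
        if not object_matches(value, host):
            continue
        key = "intended" if is_intended(domain, host) else "overmatch"
        report[key].append(host)
    return report


# Constructed sample hostnames (the second pair comes from the posts above).
SAMPLE_HOSTS = [
    "www.cisco.com",
    "tools.cisco.com",
    "www.sanfrancisco.com",
    "malicioussitecisco.com",
    "www.cisco.com.example.net",
]

if __name__ == "__main__":
    for value in ("cisco.com", ".cisco.com"):
        result = audit(value, SAMPLE_HOSTS)
        print(f"{value!r}: intended={result['intended']}")
        print(f"{value!r}: overmatch={result['overmatch']}")
```

Under this model the leading dot removes the lookalike-prefix overmatches, but a value that is only a substring is still not anchored at the end of the hostname, so allowlist entries are worth checking against hosts of that shape too.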