Are wildcards in URL filtering supported?

ryan14
Level 1

I am cleaning up my policy rules and wondering if an asterisk can be used in an ACP. I have read this post, but it is from several years ago and I am not sure if it is still an issue:

https://community.cisco.com/t5/firepower/using-wildcard-in-url-filtering/td-p/3196891

6 Replies

Muhammad Awais Khan
Cisco Employee

Hi,

I have seen * in SSL Decryption policies and it worked fine. For a URL filtering rule, I can do a test shortly if someone else didn't configure it recently :)

nspasov
Cisco Employee

Wildcards are not supported in the ACP. However, for URL objects, an empty space equals any character, like a wildcard. E.g., a cisco.com value will match www.cisco.com and also match www.sanfrancisco.com. On the other hand, if you wanted to match on only cisco.com, then you can use .cisco.com or www.cisco.com.

I hope this helps!

Thank you for rating helpful posts!

Is it best practice to use a . for matching subdomains?

Would cisco.com in the ACP whitelist policy whitelist:

malicioussitecisco.com?

.cisco.com would, I think, prevent the above from whitelisting the above site.

Muhammad Awais Khan
Cisco Employee

Hi,

I just ran a test on FMC 6.4.0.4. One time I used a plain URL without any regex, and URL blocking worked fine. When I used * in the URL list, it no longer blocked that URL. Have a look at the attached snapshot.

That's what led to my confusion about why my asterisk (used as a wildcard) worked in my SSL policy but not in the ACP.

Rokib Hasan
Level 1

Firepower does support wildcards, but not in a format like (*.microsoft.com); rather, it supports the (.microsoft.com) format. You can create a URL object with the value (.microsoft.com) to block all of the microsoft.com domain; it will block support.microsoft.com, www.update.microsoft.com, or any other subdomain before .microsoft.com. So use a dot (.) instead of an asterisk (*) and it will work fine. I am testing it in a production environment.
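The matching behaviour discussed in this thread, as an added example that is not part of any post and is not Cisco's code: it audits a URL object value against the hosts named in the thread to show which are over-matched or missed. The substring model, the literal handling of `*`, and all function names are assumptions for illustration.

```python
"""Audit URL object values for over-broad or missed matches.

Assumption (taken from the thread, not from Cisco's implementation):
a URL object value matches any URL that contains it as a substring,
and '*' is treated as a literal character.
"""

def object_matches(value, url):
    # Substring model described in the thread; '*' gets no special meaning.
    return value.lower() in url.lower()

def in_domain(host, domain):
    # Intended scope: the domain itself or a true subdomain of it.
    host = host.lower().rstrip(".")
    domain = domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)

def audit(value, intended_domain, hosts):
    """Classify each host as correctly matched, over-matched, or missed."""
    report = {"ok": [], "overmatch": [], "missed": []}
    for host in hosts:
        matched = object_matches(value, host)
        wanted = in_domain(host, intended_domain)
        if matched and wanted:
            report["ok"].append(host)
        elif matched:
            report["overmatch"].append(host)  # allowlist hole or false block
        elif wanted:
            report["missed"].append(host)     # rule silently does not apply
    return report

# Constructed sample list, using the host names mentioned in the thread.
SAMPLE_HOSTS = [
    "cisco.com",
    "www.cisco.com",
    "www.sanfrancisco.com",
    "malicioussitecisco.com",
]

if __name__ == "__main__":
    for value in ("cisco.com", ".cisco.com", "*.cisco.com"):
        print(value, audit(value, "cisco.com", SAMPLE_HOSTS))
```

Under this model the leading-dot value drops the lookalike hosts but also stops matching the bare domain, so an object meant to cover both would need both values.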
