Solved: FQDN Object *.google.com in ASA

francoisverges · ‎06-07-2013

Hey everyone,

I know it is possible to define a FQDN objects in an ASA as shown in this document : https://supportforums.cisco.com/docs/DOC-17014

My question is, would it be possible to create a FQDN object using the "*" to desine everything (Ex: *.google.com to desine all the sub google URL) ?

In other words, would it be possible to do the following :

object network google.com

fqdn *.google.com

I doubt it is possible but I just want to have a confirmation from you guys.

Thank you for your help.

François

Julio Carvajal · ‎06-07-2013

Hello Francois,

Hmm, does not look right, the FQDN is not a regex interpreter so I would say it will not do it,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎06-07-2013

Hello Francois,

Hmm, does not look right, the FQDN is not a regex interpreter so I would say it will not do it,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

francoisverges · ‎06-10-2013

Thank you for your reply.

I did some testing and I confirm that it is not possible :

asa(config)# object network google.com

asa(config-network-object)# fqd

asa(config-network-object)# fqdn *.google.com

ERROR: Invalid FQDN. FQDN must begin and end with a digit/letter. Only letters, digits, and hyphen are allowed as internal characters. Labels are separated by a dot.

koolasice · ‎12-27-2018

This should work like this ...

object network google.com.FQDN

fqdn google.com

object-group network google.com.URL

network-object object google.com.FQDN