FQDN with wildcards?

Eric Snijders
Level 1

So, we have the need to "whitelist" several domains with wildcards. Now I have learned FQDN objects can't have wildcards in them, but what is the way to go if I need to whitelist wildcard domains for HTTPS traffic, in this case?


The FQDN-based ACLs on the ASA can't do that. But you can do it in the firepower service-module and also on Firepower Thread Defense (FTD).

Is this confirmed to be true, or has it been tested to work with "wildcard" FQDNs?

I read and linked a Q/A below from the Cisco documentation stating that it is not an available feature for 6.3.0, and another here stating the same for version 6.6.

6.3.0: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/214698-understand-fqdn-feature-on-firepower-thr.html

6.6.0: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/reusable_objects.html#ID-2243-000000f2  

Q: Is it possible to use wildcards, like *.microsoft.com?
A: No. FQDN must begin and end with a digit or letter. Only letters, digits, and hyphens are allowed as internal characters.

On FTD/Firepower Service Module you would use the URL filter for that. Although you can't use "*.example.com", with the matching logic, if you configure "example.com" to be matched, it also matches "anything.example.com".
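The two rules discussed in this thread (the FQDN-object character rule quoted from the Cisco documentation, and the URL-filter behaviour where an entry for "example.com" also covers "anything.example.com") can be checked offline before a change window. The following Python is an added illustration written for this page, not Cisco code and not a reimplementation of the ASA or FTD engine. It assumes the character rule is applied per DNS label (dots separate labels), and it adds a label-boundary check so that "example.com" does not cover "notexample.com"; both are assumptions of the example, not statements from the thread.

```python
import re

# Character rule quoted in the thread: an FQDN must begin and end with a letter
# or digit, and only letters, digits and hyphens are allowed inside. Applying the
# rule to each dot-separated label is this example's interpretation.
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")


def is_valid_fqdn_object(name: str) -> bool:
    """Return True if `name` satisfies the FQDN-object character rule.

    Wildcards such as "*.microsoft.com" fail because "*" is not a permitted
    character, which is the limitation the original question ran into.
    """
    if not name or len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    return all(_LABEL.match(label) for label in labels)


def url_filter_matches(configured: str, host: str) -> bool:
    """Return True if `host` is covered by the URL-filter entry `configured`.

    The thread states that entering "example.com" also matches
    "anything.example.com". This example additionally requires a label
    boundary (a leading dot), so "notexample.com" is NOT covered; that
    stricter behaviour is an assumption of this example, not of the page.
    """
    configured = configured.lower().rstrip(".")
    host = host.lower().rstrip(".")
    return host == configured or host.endswith("." + configured)


def wildcard_to_url_filter_entry(pattern: str) -> str:
    """Translate an allowlist wildcard ("*.example.com") into the form the
    thread says the URL filter accepts ("example.com").

    Caveat for reviewers: the resulting entry also covers the bare apex
    "example.com", so the allowlist becomes slightly broader than the
    original wildcard intended.
    """
    return pattern[2:] if pattern.startswith("*.") else pattern


def is_allowlisted(host: str, wildcard_patterns: list[str]) -> bool:
    """Evaluate a hostname against a list of wildcard allowlist patterns
    after translating them into URL-filter style entries."""
    entries = [wildcard_to_url_filter_entry(p) for p in wildcard_patterns]
    return any(url_filter_matches(entry, host) for entry in entries)


if __name__ == "__main__":
    # Constructed sample allowlist for demonstration only.
    allowlist = ["*.microsoft.com", "*.example.com"]
    for candidate in ["*.microsoft.com", "www.microsoft.com", "bad-.example.com"]:
        print(f"FQDN object {candidate!r} valid: {is_valid_fqdn_object(candidate)}")
    for host in ["login.microsoft.com", "microsoft.com", "notexample.com",
                 "microsoft.com.attacker.test"]:
        print(f"{host:30s} allowlisted: {is_allowlisted(host, allowlist)}")
```

Running the script prints which candidate names would be rejected as FQDN objects and which hostnames the translated URL-filter entries would cover, including the apex-domain and lookalike-suffix cases that are easy to overlook when reviewing an allowlist.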
