Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2142
Views
0
Helpful
1
Replies

wildcard URL for cloud services

Jonathan Harrison
Level 1
Level 1

‎01-14-2019 07:41 AM - edited ‎03-12-2019 07:13 AM

How are you handling service allowance where wildcard domains are the only firewall configuration provided?  Specifically I am looking at a server that needs access to Microsoft PowerBI services.  I have attached the documentation provided by Microsoft.

 

If these were FQDNs I would normally just create a network object group on the ASA and allow the inside server access to the object-group over the specified ports on the insideIN ACL.  Since they are wildcards, I am not sure where to apply the ruleset.

 

We have AMP modules in the 5525-X's and FMC setup.  If I can apply these wildcard allowances for this specific machine in an Access Control Policy, what do I need to do on the ASA insideIN ACL so that the traffic is allowed to the AMP module?  I know this is not the only service to start to provide large wildcarded URL lists and would like to know how others are managing this. 

 

Thanks for your assistance.

Labels:
Preview file
59 KB
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎01-15-2019 11:17 AM

in FMC/FTD the firewall looks for a match on the string you enter no matter where in the URL they appear.  for example (referencing the document I linked below) cisco.com would match both cisco.com/page and page.cisco.com and www.cisco.com

Check out this link:

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html#anc14

 

Another option would be to place the local server in a seperate DMZ and allow it full internett access and then restrict access to the internal network.

 

Hope this helps.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card