01-14-2019 07:41 AM - edited 03-12-2019 07:13 AM
How are you handling service allowance where wildcard domains are the only firewall configuration provided? Specifically I am looking at a server that needs access to Microsoft PowerBI services. I have attached the documentation provided by Microsoft.
If these were FQDNs I would normally just create a network object group on the ASA and allow the inside server access to the object-group over the specified ports on the insideIN ACL. Since they are wildcards, I am not sure where to apply the ruleset.
We have AMP modules in the 5525-X's and FMC set up. If I can apply these wildcard allowances for this specific machine in an Access Control Policy, what do I need to do on the ASA insideIN ACL so that the traffic is allowed to the AMP module? I know this is not the only service to start to provide large wildcarded URL lists and would like to know how others are managing this.
Thanks for your assistance.
01-15-2019 11:17 AM
In FMC/FTD the firewall looks for a match on the string you enter, no matter where in the URL it appears. For example (referencing the document I linked below), cisco.com would match cisco.com/page, page.cisco.com and www.cisco.com.
Check out this link:
Another option would be to place the local server in a separate DMZ and allow it full internet access and then restrict access to the internal network.
Hope this helps.
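Added illustration, not part of the thread and not Cisco's code: a Python sketch that models the substring matching described in the reply above and compares it with strict wildcard-suffix matching on the hostname, listing the URLs a substring rule would allow beyond the wildcard's intended scope. The wildcard entries and sample URLs are constructed for the example, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed wildcard entries in the style of a vendor allow-list
# (not copied from the Microsoft document mentioned in the thread).
WILDCARDS = ["*.powerbi.com", "*.analysis.windows.net"]

# Constructed sample URLs to audit the rule scope against.
SAMPLES = [
    "https://app.powerbi.com/groups/me",
    "https://api.powerbi.com/v1.0/myorg",
    "https://powerbi.com.files.example.net/report",
    "https://example.org/redirect?to=app.powerbi.com",
    "https://notpowerbi.com/",
    "https://www.example.com/",
]


def base_domain(pattern):
    """Drop a leading '*.' so '*.powerbi.com' becomes 'powerbi.com'."""
    base = pattern[2:] if pattern.startswith("*.") else pattern
    return base.lower().rstrip(".")


def substring_match(pattern, url):
    """Model of the behaviour the reply describes: the entered string
    matches wherever it appears in the URL (host, path or query)."""
    return base_domain(pattern) in url.lower()


def suffix_match(pattern, url):
    """Strict reading of the wildcard: only the hostname is checked, and it
    must be a subdomain of the base domain (exact host if no wildcard)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    base = base_domain(pattern)
    if pattern.startswith("*."):
        return host.endswith("." + base)
    return host == base


def overmatches(patterns, urls):
    """URLs a substring rule allows that fall outside the wildcard scope."""
    return [
        u for u in urls
        if any(substring_match(p, u) for p in patterns)
        and not any(suffix_match(p, u) for p in patterns)
    ]


if __name__ == "__main__":
    for url in overmatches(WILDCARDS, SAMPLES):
        print("allowed by substring rule only:", url)
```

Running a candidate rule list through a check like this before deployment shows how much wider a substring entry is than the published wildcard, which helps decide whether the rule should also be limited by source host and port.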