Wildcard domain matching on the FTD

Alex-Pr
Level 1

I am trying to limit internet access for a server that needs access to several wildcard-based domains, and I can't figure out whether that is possible on a Firepower FTD managed by FMC.


As an example, one of the requirements is:
*.compute-*.amazonaws.com - TCP 80, 443


My understanding is that wildcards won't work in an FQDN-based access rule.


Is a workaround to have a URL-based rule that allows .amazonaws.com?


I am confused about whether this will work, as I have only seen URL matching used for filtering (blocking), and the other piece of the puzzle is that it takes five or so packets of an HTTP request before the URL is even seen...



This post talks a bit about creating the wildcard for a URL:
https://community.cisco.com/t5/network-security/using-wildcard-in-url-filtering/td-p/3196891
Firepower does support wildcards, but not in the (*.microsoft.com) format; rather, it supports the (.microsoft.com) format. You can create a URL object with the value (.microsoft.com) to block the whole microsoft.com domain; it will block support.microsoft.com, www.update.microsoft.com, or any other subdomain ending in .microsoft.com. So use a dot (.) instead of an asterisk (*) and it will work fine. I am testing it in a production environment.


This article states that wildcards won't work in an access rule:
https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/214505-configure-fqdn-based-object-for-access-c.html



Thanks
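As an added illustration (not code from the original post, the quoted reply, or Cisco), the script below models the two wildcard forms discussed here and shows what a leading-dot URL object such as .amazonaws.com would cover compared with the actual requirement *.compute-*.amazonaws.com. It assumes the leading-dot form behaves as a plain domain-suffix match, as the quoted reply describes, and that the asterisk form is an ordinary shell-style glob; how the FTD really evaluates either is something to confirm in your own environment. The hostnames are constructed samples.

```python
import fnmatch

# Constructed sample hostnames (not taken from the original post).
SAMPLE_HOSTS = [
    "ec2-3-5-7-9.compute-1.amazonaws.com",           # fits the stated requirement
    "ec2-1-2-3-4.us-west-2.compute.amazonaws.com",    # 'compute.' not 'compute-': outside the requirement
    "s3.amazonaws.com",                               # other AWS service, outside the requirement
    "sts.amazonaws.com",                              # other AWS service, outside the requirement
    "amazonaws.com",                                  # bare apex
    "evil-amazonaws.com",                             # look-alike, different registered domain
    "amazonaws.com.attacker.example",                 # prefix trick, different registered domain
]


def dotted_suffix_match(url_object: str, host: str) -> bool:
    """Model of a URL object written in the leading-dot form (.example.com).

    Assumption: it is a domain-suffix match, so it covers every subdomain of
    example.com but not the bare apex and not look-alike names.
    """
    if not url_object.startswith("."):
        raise ValueError("leading-dot form expected, e.g. .example.com")
    host = host.lower().rstrip(".")
    suffix = url_object.lower().rstrip(".")
    return host.endswith(suffix)


def glob_host_match(pattern: str, host: str) -> bool:
    """The asterisk form the requirement was written in, treated as a shell glob.

    Assumption: '*' matches any run of characters, dots included.
    """
    return fnmatch.fnmatchcase(host.lower().rstrip("."), pattern.lower())


def compare(required_patterns, url_object, hosts):
    """For each host: (host, required by the glob list, allowed by the URL object)."""
    rows = []
    for host in hosts:
        required = any(glob_host_match(p, host) for p in required_patterns)
        allowed = dotted_suffix_match(url_object, host)
        rows.append((host, required, allowed))
    return rows


def overmatched(rows):
    """Hosts the URL object would allow although the requirement does not ask for them."""
    return [h for h, required, allowed in rows if allowed and not required]


def undermatched(rows):
    """Hosts the requirement needs but the URL object would not cover."""
    return [h for h, required, allowed in rows if required and not allowed]


if __name__ == "__main__":
    rows = compare(["*.compute-*.amazonaws.com"], ".amazonaws.com", SAMPLE_HOSTS)
    for host, required, allowed in rows:
        print(f"{host:45s} required={required!s:5s} allowed={allowed}")
    print("over-matched :", overmatched(rows))
    print("under-matched:", undermatched(rows))
```

Under these assumptions the leading-dot object covers everything the requirement needs (nothing is under-matched) but also opens every other amazonaws.com subdomain, so the allow rule is broader than the stated requirement; the look-alike and prefix-trick names are not matched, since the suffix comparison keeps the dot.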
