Question about wildcard objects

luca1994 · ‎01-23-2024

Hello team,

I have an argument to share and would also like your opinion.
If I create a wildcard FQDN object *.pluto.com qwhen the client does dns traffic I also get sub domains resolved for example foo.pluto.com duck.pluto.com etc.
Now if by chance a subdomain is malevo this is resolved anyway and the fqdn wildcard object is updated with the malevoo ip. What advice can you give me to fix this problem? Or maybe it is not necessary if you configure other security profiles ad hoc?

Thanks

BR

AEK · ‎01-23-2024

Hi Luca

This can't be handled at object level, but at web filter or so.

So you can still use the same object but just add a web filter profile if it is for web access.

AEK

View solution in original post

AEK · ‎01-23-2024

Hi Luca

In your case the wildcard object will contain the 3 FQDN with their IP address. Can you explain what is exactly the problem?

AEK

luca1994 · ‎01-23-2024

Hello @AEK ,

I meant if a malicious fqdn ip is resolved because for example if foo.pluto.com is a malicious subdomain this is resolved and the FQDN wildcard object is updated with the malicious ip address

BR

AEK · ‎01-23-2024

Hi Luca

This can't be handled at object level, but at web filter or so.

So you can still use the same object but just add a web filter profile if it is for web access.

AEK

rosatechnocrat · ‎01-23-2024

Nothing can be done from FQDN resolution perspective. Instead you can Web Filter profile to block traffic going to malicious domains.

Rosa Technocrat --

Also on YouTube---

Please do Subscribe

Question about wildcard objects

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website