If you want to migrate your Palo Alto Networks next-generation firewall from version 3.1 to 4.1.X and you have the URL Filtering license enabled, keep in mind that any URL exceptions you have added to the Allow List or Deny List of a “URL Profile” must now meet new criteria. Most importantly, the slash and the asterisk can no longer be used together.
e.g. *.paloaltonetworks.com/* is no longer valid; it has to be replaced with *.paloaltonetworks.com
The help describes which characters cannot be used and how URLs must be defined. Here are a few lines from the official help:
Enter the IP addresses or URL path names of web sites that you want to block or generate alerts for (one per line). You can omit the “http[s]://” portion of the URLs. Entries in the block list are an exact match and are case-insensitive. For example, “www.ebay.com” is different from “ebay.com”. If you want to block the entire domain, you should include both “*.ebay.com” and “ebay.com”.
Examples:
• www.ebay.com
• 198.133.219.25/en/US
Block and allow lists support wildcard patterns. The following characters are considered separators:
. / ? & = ; +
Every substring that is separated by the characters listed above is considered a token. A token can be any number of ASCII characters that does not contain any separator character or *. For example, the following patterns are valid:
• *.yahoo.com (Tokens are: “*”, “yahoo” and “com”)
• www.*.com (Tokens are: “www”, “*” and “com”)
• www.yahoo.com/search=* (Tokens are: “www”, “yahoo”, “com”, “search”, “*”)
The following patterns are invalid because the character “*” is not the only character in the token:
• ww*.yahoo.com
• www.y*.com
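To audit exported Allow List / Deny List entries before the upgrade, the token rule quoted above can be checked offline. The following is an added example, not code from this post or from Palo Alto Networks; the function names are hypothetical, the "/*" check encodes the behaviour reported in this post rather than the help text, and the sample list is constructed from the examples on this page.

```python
import re

SEPARATORS = "./?&=;+"  # separator characters listed in the quoted help text
_SPLIT = re.compile("[" + re.escape(SEPARATORS) + "]")

def tokens(entry):
    """Drop the optional http[s]:// prefix and split the entry into tokens."""
    entry = re.sub(r"^https?://", "", entry.strip(), flags=re.I)
    return [t for t in _SPLIT.split(entry) if t]

def check_entry(entry):
    """Return the list of problems found in one allow/block list entry."""
    problems = [f"token {t!r} mixes '*' with other characters"
                for t in tokens(entry) if "*" in t and t != "*"]
    if "/*" in entry:  # assumption taken from the post, not from the help text
        problems.append("'/' directly followed by '*'")
    return problems

def audit(entries):
    """Map each entry that needs attention to its problems (hypothetical helper)."""
    norm = [e.strip().lower() for e in entries]  # matching is case-insensitive
    report = {e: check_entry(e) for e in norm if check_entry(e)}
    for e in norm:
        bare = e[2:]
        # "*.ebay.com" does not cover "ebay.com": the help says to list both.
        if e.startswith("*.") and not set(bare) & set("*/") and bare not in norm:
            report.setdefault(e, []).append(f"note: bare domain {bare!r} not listed")
    return report

# Constructed sample list built from the examples quoted on this page.
SAMPLE = [
    "*.paloaltonetworks.com/*", "*.yahoo.com", "yahoo.com", "www.*.com",
    "www.yahoo.com/search=*", "ww*.yahoo.com", "www.y*.com",
    "*.ebay.com", "198.133.219.25/en/US",
]

if __name__ == "__main__":
    for entry, problems in audit(SAMPLE).items():
        print(entry, "->", "; ".join(problems))
```

Entries that come back with a "note:" are syntactically valid; they only point out that a wildcard entry does not cover the bare domain.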