Monday 28 August 2023

Create a custom URL category on Palo Alto for wildcard URLs

If you have an FQDN, you can just add an FQDN object to the rule.


If you want to add a wildcard, or group multiple URLs together, you can create a custom URL category.


Objects -> Custom objects -> URL categories -> Add

Add your URLs:

*.mail.protection.outlook.com/

smtp.office365.com/


Always end each entry with an ending token such as /

From the Palo Alto documentation:

For domain entries, we recommend you use an ending token. Acceptable tokens are: . / ? & = ; +. If you choose not to use an ending token, you may block or allow more URLs than anticipated. For example, if you want to allow xyz.com and enter the domain as 'xyz.com,' you will allow xyz.com and URLs such as xyz.com.random.com. However, if you enter the domain as 'xyz.com/,' you will only allow xyz.com.

More info here:

https://docs.paloaltonetworks.com/advanced-url-filtering/administration/configuring-url-filtering/url-category-exceptions



CLI

set profiles custom-url-category URL-CC-OSCP-CRL description "Custom URL category for OCSP"

set profiles custom-url-category URL-CC-OSCP-CRL type "URL List"

set profiles custom-url-category URL-CC-OSCP-CRL list [ crl.globalsign.net/ www.d-trust.net/ cdp1.public-trust.com/ crl.cnnic.cn/ crl.entrust.net/ crl.globalsign.com/ crl.identrust.com/ crl.thawte.com/ crl3.digicert.com/ crl4.digicert.com/ s1.symcb.com/ isrg.trustid.ocsp.identrust.com/ ocsp.digicert.com/ ocsp.entrust.net/ ocsp.globalsign.com/ ocsp.omniroot.com/ ocsp.startssl.com/ ocsp.thawte.com/ ocsp2.globalsign.com/ ocspcnnicroot.cnnic.cn/ root-c3-ca2-2009.ocsp.d-trust.net/ root-c3-ca2-ev-2009.ocsp.d-trust.net/ s2.symcb.com/ aia.startssl.com/ apps.identrust.com/ cacert.omniroot.com/ ]
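A pre-commit check for the ending-token rule above, as an added example (not code from this post or from Palo Alto). It lints a `set profiles custom-url-category ... list [ ... ]` line, flags entries without one of the documented ending tokens, drops duplicates, and returns a corrected command. The category name and entries in the sample are constructed, and appending `/` is this example's choice of token.

```python
import re

# Ending tokens listed in the Palo Alto guidance quoted above.
END_TOKENS = "./?&=;+"

LIST_RE = re.compile(
    r"^set profiles custom-url-category (\S+) list \[\s*(.*?)\s*\]\s*$"
)

def lint_entries(entries):
    """Return (fixed, findings): de-duplicated entries that all end in a token."""
    fixed, findings, seen = [], [], set()
    for entry in entries:
        # A bare domain has no ending token, so it can match longer hostnames.
        if entry[-1] not in END_TOKENS:
            findings.append(f"{entry}: no ending token, appended '/'")
            entry += "/"
        if entry.lower() in seen:
            findings.append(f"{entry}: duplicate entry dropped")
            continue
        seen.add(entry.lower())
        fixed.append(entry)
    return fixed, findings

def lint_set_command(line):
    """Lint one 'set profiles custom-url-category <name> list [ ... ]' line."""
    m = LIST_RE.match(line.strip())
    if not m:
        raise ValueError("not a custom-url-category list command")
    name, body = m.groups()
    fixed, findings = lint_entries(body.split())
    cmd = f"set profiles custom-url-category {name} list [ {' '.join(fixed)} ]"
    return cmd, findings

# Constructed sample input (hypothetical category name and entries).
SAMPLE = ("set profiles custom-url-category URL-CC-EXAMPLE list "
          "[ crl.example.net ocsp.example.com/ crl.example.net *.mail.example.org ]")

if __name__ == "__main__":
    command, findings = lint_set_command(SAMPLE)
    for finding in findings:
        print("finding:", finding)
    print(command)
```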
