So we have a URL whose IP changes frequently and I'm not able to make a working rule for the URL. The URL uses a specific port as well, and in the rule there are 2 specific source IPs.
I've tried the following rule:
The ems2.swims.faa.gov object looks as shown below:
So as you can see in the pic above, I have used "*.ems2.swim.faa.gov". I just changed it to this expression and do not know if this one will work, as we haven't tested it yet; the previous expression I used was "ems2.swim.faa.gov", which did not work.
Now, if the expression used above also doesn't work, what should I use to make it work?
Note that HTTPS inspection is not enabled but categorize HTTPS inspection is enabled.
Firewall cluster is running on R80.20 with cpinfo -y all shown below:
cpinfo -y all
This is Check Point CPinfo Build 914000202 for GAIA
[IDA]
No hotfixes..
[CPFC]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118
[MGMT]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118
[FW1]
HOTFIX_MAAS_TUNNEL_AUTOUPDATE
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118
FW1 build number:
This is Check Point's software version R80.20 - Build 163
kernel: R80.20 - Build 151
[SecurePlatform]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118
[CPinfo]
No hotfixes..
[PPACK]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118
[DIAG]
No hotfixes..
[CVPN]
HOTFIX_ESOD_SCANNER_AUTOUPDATE
HOTFIX_ESOD_CSHELL_AUTOUPDATE
HOTFIX_ESOD_SWS_AUTOUPDATE
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118
[CPUpdates]
BUNDLE_HCP_AUTOUPDATE Take: 29
BUNDLE_ESOD_SCANNER_AUTOUPDATE Take: 9
BUNDLE_ESOD_CSHELL_AUTOUPDATE Take: 13
BUNDLE_ESOD_SWS_AUTOUPDATE Take: 14
BUNDLE_MAAS_TUNNEL_AUTOUPDATE Take: 53
BUNDLE_INFRA_AUTOUPDATE Take: 41
BUNDLE_DEP_INSTALLER_AUTOUPDATE Take: 23
BUNDLE_R80_20_JUMBO_HF_MAIN Take: 118
[CPDepInst]
No hotfixes..
[AutoUpdater]
No hotfixes..
[hcp_wrapper]
HOTFIX_HCP_AUTOUPDATE
Also there is another rule which is being used to block traffic to Microsoft URLs as shown below and it works:
The "Block custom URLs" object looks as shown below:
So if this rule works, then I'm assuming HTTPS inspection (we will be using a different solution for HTTPS inspection) need not be enabled?
So yeah, bottom line is I need to make the ems2.swims.faa.gov rule work whenever the IP changes dynamically.
Update: Testing has been done and it looks like that URL (*.ems2.swims.faa.gov) also doesn't work.
Thank you.