Hello,
I need to match several hundred sites with construction as follows:
https://category.100.somedomain.com
https://category.101.somedomain.com
...
https://category.nnn.somedomain.com
Where 'nnn' is some 3-digit number and the population of them is not known (by me) directly.
I cannot use '*.somedomain.com' because 'somedomain.com' in this case is a well-known online file storage site and I need to allow access only to those where 'category' matches our industry. NOTE: There is an in-built application for this site but it doesn't permit the specific industry matching we require.
Under past TAC cases I've been advised to stay away from using regex expressions out of performance concerns (in our case the first several regex custom applications seemed to work fine, but when we added a 10th the enforcing gateways began to falter).
Ideally I'd like '?' to work like it does in many other products so I could use 'category.???.somedomain.com', but I don't see any mention of '?' in the documentation on the topic.
What have you done in your environments in a situation like mine?
Thank you for reading.
What I always do in cases like this is something along these lines. So say you want to allow EVERYTHING news.com; I just do *news* and it works perfectly well. Now, for some sites, like linkedin, logmein etc., you have to also add the corresponding apps to the whitelist. Now, in your case, it's a bit tricky. But you could try with a domain object... for example .*.category.*.domain.com OR for wildcard it may look like *.category.*.domain.*
I would be happy to do a remote with you if you want and try to get this working. I have been doing lots of this stuff in the past year or so.
Thank you for your reply 'the_rock' - I've been under the impression that domain objects are not suitable for custom applications, is this belief misguided?
I would not say it's misguided, but it really depends on the scenario. Personally, I ONLY use a domain object if the custom app site does not work.
You can check below posts as well:
So sk165094 clearly states regular expressions and wildcards out of performance concerns, but if you must use them, avoid using wildcards in the regex. Perhaps my previous attempts did just that, and that explains why I've avoided them since.
In addition, this thread makes me think I need to stick with the 'custom application' approach (because 1) I'm working in the Application Control and URL Filtering blade and 2) the traffic is http/https):
I'll see what I get with this (the trailing '\/' is courtesy of sk174194):
\/category-[0-9][0-9][0-9]\.domain\.com\/
I do appreciate your review and comments.
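As an added example (not code from the thread or from Check Point), the following script checks the regex posted above against constructed sample URLs with Python's `re` module and compares it with a loose wildcard-style rendering of the earlier "*.category.*.domain.*" suggestion. It assumes plain `re.search` semantics; the gateway's own regex engine and URL normalisation may differ, so this is a pre-deployment sanity check for overmatching, not a statement about how the blade evaluates patterns.

```python
import re

# The pattern posted in the thread (trailing "\/" per the thread's sk reference).
POSTED_REGEX = r"\/category-[0-9][0-9][0-9]\.domain\.com\/"

# A loose wildcard-style pattern in the spirit of the earlier reply
# ("*.category.*.domain.*"), rendered as a regex for the hyphenated host form
# used in the posted pattern. This rendering is an assumption made for comparison.
LOOSE_REGEX = r".*category.*\.domain\.com.*"

# Constructed sample URLs (not from the thread): two intended hosts, a 4-digit
# lookalike, a different category, a lookalike parent domain, and an off-domain
# URL that merely carries the wanted host inside its query string.
SAMPLE_URLS = [
    "https://category-100.domain.com/",
    "https://category-101.domain.com/files",
    "https://category-1000.domain.com/",
    "https://other-100.domain.com/",
    "https://category-100.domain.com.evil.example/",
    "https://evil.example/?u=category-100.domain.com/",
]


def evaluate(urls, patterns):
    """Return {url: {pattern_name: matched}} using re.search, compiling once."""
    compiled = {name: re.compile(p) for name, p in patterns.items()}
    return {
        url: {name: rx.search(url) is not None for name, rx in compiled.items()}
        for url in urls
    }


def overmatches(results, strict, loose):
    """URLs the loose pattern would allow that the strict pattern rejects."""
    return [u for u, r in results.items() if r[loose] and not r[strict]]


if __name__ == "__main__":
    res = evaluate(SAMPLE_URLS, {"posted": POSTED_REGEX, "loose": LOOSE_REGEX})
    for url, hits in res.items():
        print(f"{url:50} posted={hits['posted']!s:5} loose={hits['loose']}")
    print("allowed only by the loose pattern:", overmatches(res, "posted", "loose"))
```

The anchored digit classes reject the 4-digit host, the lookalike parent domain and the query-string decoy, while the wildcard-style pattern lets all three through; that difference is what to look for before adding a pattern to a custom application.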
Personally, I never bother with regular expressions. I can't count how many times I worked with TAC trying to make that work, and it always fails. I just use the approach I mentioned and never have any issues.
Traffic is matching, now to see if the regex introduces too much processing overhead.