776 Views 2 Replies Latest reply: Mar 7, 2012 11:18 AM by mtuma
armalite Newcomer 18 posts since Dec 14, 2011

Mar 7, 2012 10:28 AM

Access Rule based on a on a DNS Domain

Hi List,

I want to create an access rule for a network to access the Windows Update Services.

But I know neither the IP addresses nor the complete FQDN of the hosts.

The rule should include something like this:

http://*.windowsupdate.microsoft.com

http://*.update.windows.com

http://*.windowsupdate.com

and so on. But I can't use wildcards in this way on an access rule.

Can someone please tell me how to accomplish this?

We are using Sidewinder 8.

Thanks in advance

Andreas

  • PhilM Champion 528 posts since Jan 7, 2010
    1. Mar 7, 2012 10:58 AM (in response to armalite)
    Re: Access Rule based on a on a DNS Domain

    You can create "Domain" network objects like this:

    [Image: Capture4.JPG]

    and this essentially means "*.windowsupdate.com". If you create domain objects for windowsupdate.com, update.windows.com, windowsupdate.microsoft.com and then put these objects into a netgroup (though I think in v8 you can specify multiple endpoint values) you should then be able to create a rule to control outbound access to these locations.

    The Firewall doesn't have the capacity to control access by specific URLs (though you could try using SmartFilter to do this), but an outbound rule for the HTTP application to these destinations should do the job.

    Hope that helps.

    -Phil.

  • mtuma McAfee SME 317 posts since Nov 3, 2009
    2. Mar 7, 2012 11:18 AM (in response to PhilM)
    Re: Access Rule based on a on a DNS Domain

    Phil is absolutely correct. It is important, however, to understand how domain objects work. They rely on reverse DNS to work, and unfortunately reverse DNS is not always reliable. Basically what will happen is you make a connection to x.x.x.x. The firewall takes x.x.x.x and does a reverse lookup on it to find the PTR record. If the PTR record domain matches your domain object, then the traffic will be allowed (or denied).

    SmartFilter is the best bet in this case. SmartFilter does not have to rely on reverse DNS; it simply looks at the URL of the request.

    -Matt
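As an added illustration of the reverse-DNS matching Matt describes (this is not code from the thread or from the Sidewinder product), the Python below emulates a Domain-object decision against a constructed PTR table; the suffix-match semantics, the domain list and the PTR answers are all assumptions, chosen to show why a CDN-hosted or PTR-less destination never matches the rule.

```python
# Added example (not from the thread or the Sidewinder product): emulates how a
# firewall "Domain" object decides on a destination IP via reverse DNS (PTR).
# The suffix-match rule and the PTR table below are assumptions/constructed data.

# Constructed reverse-DNS answers standing in for real PTR lookups.
PTR_TABLE = {
    "203.0.113.10": "dl.windowsupdate.com.",   # PTR names the expected domain
    "203.0.113.11": "a1234.cdn.example.net.",  # CDN node: PTR names the CDN, not the service
    "203.0.113.12": None,                      # no PTR record published at all
    "203.0.113.13": "notwindowsupdate.com.",   # lookalike suffix that must not match
}


def reverse_lookup(ip, table=PTR_TABLE):
    """Return the PTR name for ip, or None when reverse DNS has no answer."""
    return table.get(ip)


def normalize_domain(domain):
    """Turn '*.windowsupdate.com.' or 'windowsupdate.com' into 'windowsupdate.com'."""
    domain = domain.strip().lower().rstrip(".")
    if domain.startswith("*."):
        domain = domain[2:]
    return domain


def domain_object_matches(ip, domain, table=PTR_TABLE):
    """Assumed Domain-object semantics: match only if the PTR name equals the
    configured domain or ends with '.' + domain (a bare suffix test would let
    'notwindowsupdate.com' slip through)."""
    name = reverse_lookup(ip, table)
    if name is None:
        return False  # no PTR: the object cannot match, traffic falls through to later rules
    name = name.lower().rstrip(".")
    domain = normalize_domain(domain)
    return name == domain or name.endswith("." + domain)


def evaluate(ips, domains, table=PTR_TABLE):
    """Map each destination IP to the first domain object it matched, or None."""
    result = {}
    for ip in ips:
        result[ip] = next((d for d in domains if domain_object_matches(ip, d, table)), None)
    return result


if __name__ == "__main__":
    rule_domains = ["windowsupdate.com", "update.windows.com", "windowsupdate.microsoft.com"]
    for ip, hit in evaluate(PTR_TABLE, rule_domains).items():
        print(f"{ip:14} PTR={reverse_lookup(ip)!s:28} -> {'MATCH via ' + hit if hit else 'NO MATCH'}")
```

Only the first address matches; the CDN node and the address without a PTR are treated as unknown destinations even though they may serve the update content, which is the unreliability Matt points at.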
