Using wildcard with complex FQDN hostname

Hi,

 

complex FQDN hostnames (ex.: 11.133.226.35.bc.googleusercontent.com) are not resolved by using wildcard (*.bc.googleusercontent.com). 

 

Any workaround?

 

  • Hi,

    a bit more information would help eg where are you using this wildcard FQDN and what are you trying to achieve?

    Ian

  • In reply to rfcat_vk:

    rfcat_vk

    Hi,

    a bit more information would help eg where are you using this wildcard FQDN and what are you trying to achieve?

    Ian

     

    Because the destination IP is dynamic.

     

    Details : 

    We need to access Nest cameras recordings on the cloud. When accessing the recording on the web, the Firewall IPS is triggered and that results in a choppy video. The solution is to create a rule :

     

    Destination : Nest cloud server IPs

    IPS : None

     

    I was able to make it work by getting few destination IPs from the log viewer :35.193.198.159,35.232.28.250,35.192.56.207,35.230.168.221.... But these IPs change frequently.

    A reverse lookup return this :

    35.193.198.159  returns 159.198.193.35.bc.googleusercontent.com
    35.232.28.250  returns 250.28.232.35.bc.googleusercontent.com

    ...

     

    Since the IPs are dynamic, I need the DNS to help figure out the new IPs. FQDN is then needed. 

     

     

     

  • In reply to Speatech:

    Hi,

    please post a screen shot of your expanded rule.

    Thank you

    Ian

  • In reply to rfcat_vk:

    Hi,

    the issue being that URL does not resolve is why it does not work, with or without the wildcard

    Ian

  • In reply to rfcat_vk:

    exactly why I said on the first post

  • In reply to Speatech:

    But it also does not resolve without the IP address in front.

    In the log viewer set to web what is the URL your application tries to connect to.

    You previously provided log viewer output in firewall mode which gave you an IP address or two.

    I had this trouble with my weather station where I was connecting to the suppliers site, but they were using a different url to provide the weather and security information.

    Ian