Using Regular Expressions for filtering domains/subdomains

Hello,

First of all, I'm sorry if this is the wrong section to post this topic.

I would like to know if it is possible to allow connections to destinations such as 'example.com:10995' using regex.

Let's say I want to allow access to all connections to subdomains that end with google.com:2500.

So, 123asd.google.com:2500, etc.
And there are a LOT of those subdomains, so it is not possible to include them one by one (more than 100).

123.google.com...
abc.google.com...

It has to be something like 'Allow all connections that start with *.google.com:2500', where * means anything.

I already know that I can filter everything that has google.com using regex in Web Filtering (like ^https?://([A-Za-z0-9.-]*\.)?google\.com/ ),
but my question is whether I can do the same, or something similar, in Network Protection > Firewall.

I am also sorry if I did not make myself clear or you did not understand what my question is.
I know how to speak English, but since this is a very technical question I am not sure if I expressed myself well enough.

I'm still learning English.

Thank you for your time reading this,

Raul
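As an added illustration (not part of Raul's post and not Sophos code), the following Python shows how the Web Filtering regex quoted in the question behaves against a few constructed URLs. Worth knowing before relying on it: as written, the pattern requires a '/' directly after 'google.com', so a URL that carries an explicit port such as ':2500' does not match it. The second pattern is an assumed variant, not from the thread, that accepts an optional port. The sample URLs are constructed for this example.

```python
import re

# Regex exactly as quoted in the question (Web Filtering URL match).
POSTED_PATTERN = re.compile(r"^https?://([A-Za-z0-9.-]*\.)?google\.com/")

# Hypothetical variant (an assumption for this example, not from the thread)
# that also accepts an explicit port such as :2500 between host and path.
PORT_AWARE_PATTERN = re.compile(
    r"^https?://([A-Za-z0-9.-]*\.)?google\.com(:\d{1,5})?/"
)


def matches_posted(url: str) -> bool:
    """True if the URL matches the regex exactly as posted in the question."""
    return POSTED_PATTERN.match(url) is not None


def matches_port_aware(url: str) -> bool:
    """True if the URL matches the port-aware variant."""
    return PORT_AWARE_PATTERN.match(url) is not None


# Constructed sample URLs: subdomains, the bare domain, an explicit port,
# and a few look-alikes that a suffix-anchored pattern must NOT accept.
SAMPLES = [
    "https://123asd.google.com/",
    "http://abc.google.com/search?q=x",
    "https://google.com/",
    "https://abc.google.com:2500/",
    "https://google.com.evil.example/",
    "https://notgoogle.com/",
    "https://evil.example/?u=https://google.com/",
]


def classify(urls):
    """Map each URL to (matches_posted, matches_port_aware)."""
    return {u: (matches_posted(u), matches_port_aware(u)) for u in urls}


if __name__ == "__main__":
    for url, (posted, port_aware) in classify(SAMPLES).items():
        print(f"{url:45} posted={posted!s:5} port_aware={port_aware}")
```

The anchoring matters in both patterns: the optional group must end with a literal dot immediately before 'google.com', and the host must be followed by '/' (or ':port/' in the variant), so 'notgoogle.com' and 'google.com.evil.example' are rejected while any depth of real subdomain is accepted.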

  • Hello Raul,

    no, you can't use domain-wildcards with "Network Protection > Firewall". Only DNS-Hosts or DNS-Host-groups are possible.

    You can try to add Port 2500 to the proxy ports and filter hosts/domains here...


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • FormerMember
    +1 FormerMember

    Hi Raul,

    Just an explanation of what Dirk said here :)

    Firewall rules will work on an IP basis, so even if you add a DNS host in the destination, UTM will try to resolve the IP and then match it against the traffic that was received; if the destination IP matches the IP which UTM resolved for the DNS host, UTM will follow the action specified in the rule.

    However, you can still specify the required service port in the firewall rule if needed.

    You can add *.google.com as a DNS host, but it won't be resolved and the rule won't work. It is better to do this via a Filter Action.

  • Olá Raul and welcome to the UTM Community!

    As Dirk and Devesh explained, you can't use REGEX in network definitions, but you can use a firewall rule like:

        Internal (Network) -> {port 2500} -> {142.250.0.0/15} : Allow

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
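To make the difference between the two approaches concrete, here is an added Python example (not from the thread and not Sophos code) that simulates how an IP-based firewall rule is evaluated, as Devesh described: a DNS host definition is resolved to addresses first, and the packet's destination address is compared against those. A wildcard name resolves to nothing, so a rule built from it never matches anything, while a rule with a CIDR destination like Bob's 142.250.0.0/15 matches directly. The DNS answers, the internal network 192.168.1.0/24 and the packet addresses are all constructed for this example and are not real resolution data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for the resolver: a DNS host definition becomes a list
# of addresses. These answers are made up for the example, not real DNS data.
FAKE_DNS = {
    "abc.google.com": ["142.250.1.10"],
    "123.google.com": ["142.251.2.20"],
    # A wildcard is not a resolvable name, so it yields no addresses at all.
    "*.google.com": [],
}


@dataclass(frozen=True)
class Rule:
    """One firewall rule: source network -> destination port -> destination
    networks : action. Destinations are networks, never names."""
    src: ipaddress.IPv4Network
    dst_port: int
    dst: frozenset  # set of ipaddress.IPv4Network
    action: str


def networks_from_dns_host(name: str) -> frozenset:
    """Resolve a DNS host definition into a set of /32 networks (constructed resolver)."""
    return frozenset(ipaddress.ip_network(a) for a in FAKE_DNS.get(name, []))


def networks_from_cidr(cidr: str) -> frozenset:
    """Wrap a CIDR destination as a one-element network set."""
    return frozenset({ipaddress.ip_network(cidr)})


def evaluate(rules, src_ip: str, dst_ip: str, dst_port: int, default="Drop") -> str:
    """First-match evaluation: source in rule.src, port equal, destination
    address inside any of the rule's resolved/configured networks."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in r.src and dst_port == r.dst_port and any(d in n for n in r.dst):
            return r.action
    return default


INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # constructed internal network

# Bob's rule: Internal (Network) -> {port 2500} -> {142.250.0.0/15} : Allow
BOB_RULE = Rule(INTERNAL, 2500, networks_from_cidr("142.250.0.0/15"), "Allow")

# A rule built from a wildcard DNS host, as Devesh warned: resolves to nothing.
WILDCARD_RULE = Rule(INTERNAL, 2500, networks_from_dns_host("*.google.com"), "Allow")

# A rule built from a concrete DNS host: only that host's address matches.
DNS_HOST_RULE = Rule(INTERNAL, 2500, networks_from_dns_host("abc.google.com"), "Allow")


if __name__ == "__main__":
    for label, rules in [("cidr", [BOB_RULE]), ("wildcard", [WILDCARD_RULE]),
                         ("dns-host", [DNS_HOST_RULE])]:
        for dst in ("142.250.1.10", "142.251.2.20", "142.252.0.1"):
            print(label, dst, evaluate(rules, "192.168.1.5", dst, 2500))
```

The wildcard rule drops everything not because the firewall rejects the wildcard syntax, but because an empty destination set can never contain the packet's address; that is the "won't be resolved and the rule won't work" outcome from the earlier reply. The CIDR rule has the opposite trade-off: it matches any address in the range, whether or not a name under google.com points there.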
  • I see. Thanks for your answer!

  • That was very specific! It gave me an idea...
    I did it this way: I created the filter action to allow anything that contained the domain I needed to resolve.

    And on the Firewall I allowed the required ports, but only from 6:30 PM to 9:30 PM...
    It worked... Thanks bro!

    It's a shame though - it would be very nice if we could do Filter Actions on the Firewall...

  • And I also did not find the "Verify Answer" link... Where is it?

  • FormerMember
    0 FormerMember in reply to Raul Chiarella

    Thanks! I have moved the thread to General Discussion so you can verify the answer that helped you :)

    Alternatively, you can also try with IP addresses in the destination, as Bob mentioned in the comments.