Allow list URL patterns
Within a group policy's 'Allow list URL patterns', do the following configurations have the same effect?
abcd.com
*.abcd.com
My goal is to allow all domains and subdomains of 'abcd.com'.
No, the asterisk will allow everything that comes before the dot; the URL without the asterisk will not.
For example, if you allow abcd.com and there is an ecommerce.abcd.com, you will not be able to access that URL.
Please, if this post was useful, leave your kudos and mark it as solved.
Thank you @alemabrahao for the clarification.
Would you happen to know of any Meraki documentation that details this, so I can share it internally?
https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering
I was under the impression that the behavior was similar to FQDN support in L3 firewall rules, which it might not be: https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support
- FQDN rules imply a wildcard when no subdomain is used by prepending a * to the domain.tld. This wildcard is not shown on the Dashboard but is visible in syslog messages if syslog is configured for a network. For example, a rule to permit "yahoo.com" would permit any subdomain under yahoo.com such as mail.yahoo.com. Permitting "mail.yahoo.com" in the rule would only permit mail.yahoo.com and not the TLD or other subdomain of yahoo.com.
Hi all,
This can be confusing, as the behavior differs from FQDN usage in L3 firewall rules.
The allow list URL patterns do not support the use of the asterisk "*" as a wildcard within the URL.
- The " * " (asterisk) symbol when used as part of a URL or in line with a URL is simply a regular asterisk symbol and is interpreted as part of the URL, NOT as a wildcard
- Note that this is very rarely useful, except in URLs that actually require asterisk symbols, such as https://web.archive.org/web/*/meraki.com
The "*" can only be used as a 'catch-all' wildcard, allowing or blocking everything.
Entering abcd.com into the Allowed URL list will allow all subdomains of abcd.com, and this would be the recommended usage.
Please refer to the documentation below for more information:
Hi,
You are saying it differs, but it doesn't differ in the way that in either the L3 firewall or Allowed URLs, abcd.com or *.abcd.com is equal.
Hi
Thank you for your reply.
In Allowed URLs, abcd.com will allow all subdomains of abcd.com, whereas "*.abcd.com" will only allow the URL "*.abcd.com", which is unlikely to be useful.
- The " * " (asterisk) symbol when used as part of a URL or in line with a URL is simply a regular asterisk symbol and is interpreted as part of the URL, NOT as a wildcard.
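The behavior described in the last replies (a bare domain covers its subdomains, an embedded asterisk is a literal character, and a lone "*" is a catch-all) can be modeled to check an allow list before it is deployed. This is an added example, not part of any post in the thread and not Meraki's implementation; the function names `matches` and `lint` and the path-prefix comparison are assumptions.

```python
# Added example: models the matching rules described in this thread.
# It is not Meraki's implementation; path-prefix matching is an assumption.
from urllib.parse import urlsplit


def _split(value):
    """Return (host, path) for a URL or bare pattern; the scheme is optional."""
    parts = urlsplit(value if "://" in value else "//" + value)
    return (parts.hostname or "").lower(), parts.path.rstrip("/")


def matches(pattern, url):
    """True if `url` is covered by one allow-list `pattern`."""
    pattern = pattern.strip()
    if pattern == "*":                      # lone asterisk: catch-all
        return True
    p_host, p_path = _split(pattern)
    u_host, u_path = _split(url)
    # A bare domain covers itself and every subdomain. Any "*" inside the
    # pattern is compared as a literal character, never expanded.
    host_ok = u_host == p_host or u_host.endswith("." + p_host)
    return host_ok and u_path.startswith(p_path)


def lint(patterns):
    """Flag entries that will not behave the way a wildcard habit suggests."""
    findings = []
    for p in patterns:
        p = p.strip()
        if p == "*":
            findings.append((p, "catch-all: matches every URL"))
        elif "*" in p:
            findings.append((p, "asterisk is literal here, not a wildcard"))
    return findings


if __name__ == "__main__":
    allow_list = ["abcd.com", "*.abcd.com"]          # constructed sample
    for url in ["https://abcd.com/", "https://ecommerce.abcd.com/cart"]:
        print(url, {p: matches(p, url) for p in allow_list})
    print(lint(allow_list))
```

Running `lint` over an exported allow list surfaces entries such as `*.abcd.com` that were written with a wildcard in mind and, under the behavior described above, match nothing useful.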
