FQDN Google

SOLVED
Fabian1
Getting noticed

FQDN Google

Hi everyone,

 

I'm trying to build FQDN rules for direct Google access. I build almost all URLs that are listed here: https://support.google.com/a/answer/2589954?hl=en

 

But I stuck with one last rule: *.clients[N].google.com

 

Rules with *.*.google.com  are not allowed, and I guess *.google.com will not match the entry.

Do you have any suggestions how to fix that? 

 

I couldn't find any documentation with more detailed queries. 

 

Thanks a lot 

Fabian

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal

I would do a packet capture on port 53 (DNS) and look at all the DNS entries actually being used.

 

I actually have a tool that can injest packet captures and turn them into firewall rules in a group policy.

https://www.ifm.net.nz/cookbooks/meraki-sas.html 

View solution in original post

2 REPLIES 2
cmr
Kind of a big deal
Kind of a big deal

@Fabian1 in general the * should mean anything inlcluding . so *.google.com should match it (and a lot more).

PhilipDAth
Kind of a big deal

I would do a packet capture on port 53 (DNS) and look at all the DNS entries actually being used.

 

I actually have a tool that can injest packet captures and turn them into firewall rules in a group policy.

https://www.ifm.net.nz/cookbooks/meraki-sas.html 

View solution in original post

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels