cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FQDN Support: How does the wildcard "*" (asterisk) match?

Getting noticed

FQDN Support: How does the wildcard "*" (asterisk) match?

On page https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support we learned how FQDN Support works. This feature allows a wildcard character * (= asterisk) in the Destination column which is quite handy for "big" domains like microsoft or windows.

 

But that page does not explain how the pattern matching works exactly.

 

Given one of the following possible strings in Destination column:

*.microsoft.com

*microsoft.com

.microsoft.com

microsoft.com

 

my question would be how the following hostnames (extracted from typical URLs) would match:

w3.microsoft.com

microsoft.com

fakemicrosoft.com

.microsoft.com

 

I'd hate to test all of these one by one. My favourite would be someone from Meraki to add it to the documentation page.

CMNA, CISSP, CISM
11 REPLIES 11
Kind of a big deal

Re: FQDN Support: How does the wildcard "*" (asterisk) match?

Good question. Seems like docs about that are indeed lacking. Perhaps @CameronMoody can add some information about that feature to the docs.

Kind of a big deal

Re: FQDN Support: How does the wildcard "*" (asterisk) match?

I would assume that it follows similarly to how content filtering uses wildcards.

 

You can always test, if you're not sure, by setting up a FW rule and seeing if it allows certain traffic. Sometimes labbing is your best bet.

Kind of a big deal

Re: FQDN Support: How does the wildcard "*" (asterisk) match?

Don't think so @Nash as in there the wildcard is evaluated as a literal * when it's put in an url. That would make the example shown in @AndreasE 's link pretty dumb.

Kind of a big deal

Re: FQDN Support: How does the wildcard "*" (asterisk) match?

Ugh, perhaps you're right. I would have hoped this was consistent across features.

Getting noticed

Re: FQDN Support: How does the wildcard "*" (asterisk) match?

I hoped that my question would deserve a test and reply from @BrechtSchamp or @Nash or @CameronMoody after 3 weeks...?

 

CMNA, CISSP, CISM
Kind of a big deal

Re: FQDN Support: How does the wildcard "*" (asterisk) match?

@AndreasE  Have you tried asking support?. While community members try to be as helpful as we can we don't have all the answers and support can probably get you an answer pretty quick.

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Getting noticed

Re: FQDN Support: How does the wildcard "*" (asterisk) match?

Hi Blake,

 

did you mean "Make a Wish" (on that configuration page) or opening a case (what Customer and what kind of bug/support)?

 

Regrettably, you cannot "Make a Wish" on the documentation pages -- even if they deserve it many times from my past experience!

 

Rgds,

Andreas

CMNA, CISSP, CISM
Highlighted
Kind of a big deal

Re: FQDN Support: How does the wildcard "*" (asterisk) match?

im
New here

Re: FQDN Support: How does the wildcard "*" (asterisk) match?

i have open case but TAC support said can't use wildcard but clearly in documentation can use wildcard.

Getting noticed

Re: FQDN Support: How does the wildcard "*" (asterisk) match?

Hi im,

 

you can use the wildcard "*" (asterisk) in the "Outbound rules", but you cannot use it in the "Cellular Failover rules".

That's maybe the reason for confusion.

 

You should either re-open the case (if it's been closed) or insist on a sufficient answer.

 

Rgds,

AE

CMNA, CISSP, CISM
im
New here

Re: FQDN Support: How does the wildcard "*" (asterisk) match?

why you want to configure in outbound rule Layer 3?

note we did't use cellular

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.