I was troubleshooting an issue with an org a while back where they needed to decrypt traffic for just one "URL", but a rule keyed on an FQDN address object matches on the resolved IP address, and that IP was shared by numerous sites.
So let's use example.com. The following hostnames:
www.example.com
www.example.net
www.example.org
and www.example.edu
all map to the same single IP address, 93.184.216.34:
kfelix@kfelixs-MacBook-Air ~ % host www.example.com
www.example.com has address 93.184.216.34
www.example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
kfelix@kfelixs-MacBook-Air ~ % host www.example.net
www.example.net has address 93.184.216.34
www.example.net has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
kfelix@kfelixs-MacBook-Air ~ % host www.example.org
www.example.org has address 93.184.216.34
www.example.org has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
kfelix@kfelixs-MacBook-Air ~ % host www.example.edu
www.example.edu has address 93.184.216.34
www.example.edu has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
kfelix@kfelixs-MacBook-Air ~ %
So let's say you want to decrypt traffic to www.example.com and not the others.
Do not use an IP or FQDN address object in the decryption rule: the FQDN object resolves to 93.184.216.34, so the rule would also decrypt www.example.net, www.example.org and www.example.edu.
Use a "custom URL" list containing only www.example.com instead, which matches on the requested hostname rather than on the destination IP. Here are a few screenshots of how that would look from the web UI:
NSE (Network Security Expert) and Route/Switching Engineer