I’m interested in how exactly wildcard filtering works with Cloud Firewall. Let’s say I want to allow SSH to *.company.com. If I read the documentation right, I can do this with URLs but not with FQDNs. I’m interested in the reason for the differentiation. Any useful input is appreciated to help me understand the firewall mechanism better.
Is this because you are not inspecting DNS, and without the Host header there is no way to tell?
Can you inspect DNS, or is there any other way to allow wildcard FQDNs for non-HTTP apps?
The ability to support wildcards in Cloud Firewall FQDN policy is actually available on our beta instances today, if your organization has access to such a tenant. As you suspect, to support the wildcarding we will need to have DNS directed through the ZIA Zero Trust Exchange (SME, ZEN, Public Service Edge). The feature should be available before the end of the year in all production clouds.
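To make the point in the reply concrete: an SSH (or any non-HTTP) connection carries only a destination IP and port, no hostname, so a wildcard FQDN rule can only be evaluated if the firewall has seen the DNS answer that produced that IP. The following is an added illustration (my own code, not Zscaler's implementation or any documented Cloud Firewall behaviour) of a generic "DNS-snooping" FQDN policy: it learns name-to-IP bindings from DNS responses, honours their TTLs, and then decides a TCP flow by looking up which names the destination IP was resolved from. The log format, the rule syntax and the verdict names are assumptions for the example; the DNS records and flows are constructed sample data.

```python
"""Wildcard-FQDN policy for non-HTTP traffic, driven by observed DNS answers (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed DNS-response log in an assumed format: "<epoch> <name> <ip> <ttl>".
# In a real deployment these would come from the DNS traffic the firewall sees.
DNS_LOG = """\
1000 bastion.company.com. 203.0.113.10 300
1000 git.company.com.     203.0.113.11 60
1000 company.com.         203.0.113.20 300
1050 shared.example.net.  203.0.113.10 300
"""


@dataclass
class DnsCache:
    """Reverse map: destination IP -> {fqdn: expiry}, so a flow can be tied back to names."""
    entries: Dict[str, Dict[str, float]] = field(default_factory=dict)

    def observe_answer(self, fqdn: str, ip: str, ttl: int, now: float) -> None:
        fqdn = fqdn.rstrip(".").lower()          # normalise trailing dot and case
        self.entries.setdefault(ip, {})[fqdn] = now + ttl

    def names_for(self, ip: str, now: float) -> Set[str]:
        """Names still within TTL that resolved to this IP; empty if DNS was never seen."""
        return {name for name, exp in self.entries.get(ip, {}).items() if exp > now}


def learn_from_dns_log(cache: DnsCache, log: str) -> int:
    """Parse the constructed log into the cache; returns number of records learned."""
    count = 0
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, name, ip, ttl = line.split()
        cache.observe_answer(name, ip, int(ttl), float(ts))
        count += 1
    return count


def fqdn_matches(fqdn: str, pattern: str) -> bool:
    """'*.company.com' matches any subdomain but not the apex 'company.com' (assumed semantics)."""
    fqdn, pattern = fqdn.lower(), pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]                    # ".company.com"
        return fqdn.endswith(suffix) and len(fqdn) > len(suffix)
    return fqdn == pattern


def evaluate_flow(rule: str, dst_ip: str, dst_port: int, cache: DnsCache,
                  now: float, allowed_port: int = 22) -> str:
    """Verdict for one TCP flow: 'allow', 'block', or 'unknown' (no usable DNS context)."""
    if dst_port != allowed_port:
        return "block"
    names = cache.names_for(dst_ip, now)
    if not names:
        # This is the core limitation: without a DNS answer tying the IP to a name,
        # a wildcard rule simply cannot be evaluated from the packet alone.
        return "unknown"
    return "allow" if any(fqdn_matches(n, rule) for n in names) else "block"


def run_demo() -> List[str]:
    cache = DnsCache()
    learn_from_dns_log(cache, DNS_LOG)
    rule = "*.company.com"
    flows = [                                   # (time, dst_ip, dst_port)
        (1100, "203.0.113.10", 22),             # bastion.company.com -> allow
        (1100, "203.0.113.11", 22),             # git.company.com, TTL 60 already expired -> unknown
        (1100, "203.0.113.20", 22),             # apex company.com, not covered by wildcard -> block
        (1100, "198.51.100.5", 22),             # never resolved through the firewall -> unknown
        (1100, "203.0.113.10", 443),            # wrong port -> block
    ]
    return [evaluate_flow(rule, ip, port, cache, t) for t, ip, port in flows]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Two caveats worth noticing in the constructed data: the `git.company.com` answer had a 60-second TTL, so a flow 100 seconds later has no binding and drops to `unknown` (clients may keep using a cached answer past the TTL the firewall saw), and `203.0.113.10` is also shared with `shared.example.net`, so the first flow is allowed on the strength of whichever name resolved to it. Both are inherent to name-to-IP inference for protocols that carry no hostname, which is why the reply says DNS has to pass through the inspecting node for wildcard FQDN policy to work.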