awan_m
May 18, 2023

allow *.microsoft.com to connect to a virtual server

Hi,

I have a VIP that should only be accessible by domain *.microsoft.com. I have AFM provisioned and a DNS resolver, but the rule cannot take *.microsoft.com as source.

Is there a way to achieve this?

Thanks

4 Replies

  • awan_m I don't believe this is possible because the AFM would perform a DNS lookup for the literal DNS record of *.microsoft.com instead of what you most likely want which is any sub-domain of .microsoft.com. I don't know if I would allow that through either if you could because that is a significant amount of sources that could potentially be allowed through depending on DNS resolution. What is the purpose of the VIP that you need to allow any sub-domain of .microsoft.com through?

    • awan_m

      Thanks for the reply. It's a specific domain's IPs to be able to connect to a VIP that presents an API. The problem with an IP address list is that it will change all the time. I need to resolve the requestor's IP to a domain and, if it's *.XYZ.com, then allow it to connect.

      • Paulius

        awan_m It seems like the options you have are to ask Microsoft for specific FQDNs that will resolve to the appropriate IPs or to ask them for the IP ranges that the requests could come from and allow those IP ranges.
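
The check awan_m describes (resolve the requester's IP to a name and allow it if the name is under *.XYZ.com), as an added example that is not part of the thread and is not AFM configuration. It adds forward confirmation, because the PTR record is published by whoever controls the IP block, and it matches the suffix on a label boundary. The domain `xyz.example`, the function names, and the DNS data are constructed assumptions.

```python
import ipaddress
import socket

ALLOWED_SUFFIX = "xyz.example"  # constructed stand-in for the thread's *.XYZ.com

def in_domain(hostname, suffix):
    """True only for a strict subdomain of suffix, matched on a label boundary."""
    host = hostname.rstrip(".").lower()
    return host.endswith("." + suffix.lower())

def system_ptr(ip):
    """Reverse lookup through the system resolver; empty list on failure."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_forward(name):
    """Forward lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def client_allowed(ip, suffix=ALLOWED_SUFFIX, ptr=system_ptr, forward=system_forward):
    """Forward-confirmed reverse DNS: the PTR name must sit under suffix
    and must itself resolve back to the connecting address."""
    addr = ipaddress.ip_address(ip)
    for name in ptr(ip):
        if not in_domain(name, suffix):
            continue
        # The reverse zone belongs to the IP owner, so the name alone proves
        # nothing; the forward zone belongs to the domain owner.
        if any(ipaddress.ip_address(a) == addr for a in forward(name)):
            return True
    return False

# Constructed DNS data (documentation address ranges) so this runs offline.
PTR = {
    "192.0.2.10": ["api-client.xyz.example."],     # genuine: forward matches
    "198.51.100.7": ["api-client.xyz.example."],   # PTR claims the name, A record disagrees
    "203.0.113.5": ["evilxyz.example."],           # shares the suffix string, not the domain
    "203.0.113.6": ["xyz.example.attacker.test."], # allowed domain used as a prefix
}
A = {"api-client.xyz.example.": {"192.0.2.10"}}

def demo():
    """Evaluate every constructed client against the constructed records."""
    return {ip: client_allowed(ip, ptr=lambda i: PTR.get(i, []),
                               forward=lambda n: A.get(n, set())) for ip in PTR}
```

Only 192.0.2.10 passes. Clients whose addresses have no PTR record under the domain are rejected as well, which is one reason the published FQDNs or IP ranges Paulius suggests are the more dependable basis for a rule.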