Can't handle two dfas next to each other in pattern
Created On 05/13/20 23:16 PM - Last Modified 05/13/20 23:16 PM
Symptom
Error - “can't handle two dfas next to each other in pattern”
  o This error indicates the pattern entered contains two strings that are both less than 7 bytes and are separated by a regex wildcard element.
Environment
As per the PAN document:
- Every pattern you create must contain at least a 7-byte string with fixed values.
  o The 7-byte fixed string can be anywhere in your pattern.
  o The 7 values must be fixed; this means no ‘.’ (dot), no ‘*’ (star), no ‘+’ (plus), or other wildcard characters within the 7 bytes.

The following are the regex patterns for creating a custom application:
web[12].paloalto <--- Not working
paloalto.web[12] <--- Working
web.paloalto[12] <--- Working
paloalto[12].web <--- Working
Cause
- If there are two DFAs next to each other before the 7+ character fixed string, the system will not permit it.
Example:
web.com.paloalto is an invalid pattern string, as web and com are two DFAs next to each other.
- A square bracket pattern is a DFA, so web[12] in 'web[12].paloalto' is two DFAs (web and [12]) next to each other.
So, this is similar to web.com.paloalto.
The behavior reported in this case is by design.
Resolution
- If there are two DFAs next to each other after the 7+ character fixed string, the system permits it.
Example:
paloalto.web.com is a valid pattern string
paloalto.web[12] is a valid pattern string
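
As an added example (not Palo Alto Networks code and not the PAN-OS parser), the following Python sketch applies the rule described under Cause and Resolution to the patterns listed on this page, so a pattern can be pre-checked before it is entered. The function names and the simplified tokenizer are assumptions: only '.', '*', '+', '?' and [...] are treated as non-fixed elements, and lengths are counted per character (equal to bytes for ASCII patterns).

```python
import re

# One token per match: a [...] class, an escaped byte, a wildcard, or a plain byte.
# Simplified model (assumption): groups, alternation and {n,m} are not handled.
TOKEN = re.compile(
    r"(?P<cls>\[[^\]]*\])|(?P<esc>\\.)|(?P<wild>[.*+?])|(?P<lit>.)", re.S
)
MIN_FIXED = 7  # minimum fixed-string length stated on this page


def segments(pattern):
    """Split a pattern into ('fixed', length) runs and ('class', 1) elements.

    Wildcards produce no segment of their own; they only end a fixed run.
    """
    segs, run = [], 0
    for m in TOKEN.finditer(pattern):
        if m.lastgroup in ("lit", "esc"):
            run += 1
            continue
        if run:
            segs.append(("fixed", run))
            run = 0
        if m.lastgroup == "cls":
            segs.append(("class", 1))
    if run:
        segs.append(("fixed", run))
    return segs


def check(pattern):
    """Return 'ok' or the reason the pattern is expected to be rejected."""
    segs = segments(pattern)
    # Index of the first fixed run of 7+ characters; every segment before it
    # is a short string or a bracket class, i.e. a DFA in the page's terms.
    anchor = next(
        (i for i, (kind, n) in enumerate(segs)
         if kind == "fixed" and n >= MIN_FIXED),
        None,
    )
    if anchor is None:
        return "no 7-byte fixed string"
    if anchor >= 2:
        return "two DFAs before the fixed string"
    return "ok"


if __name__ == "__main__":
    for p in ("web[12].paloalto", "paloalto.web[12]", "web.paloalto[12]",
              "paloalto[12].web", "web.com.paloalto", "paloalto.web.com"):
        print(f"{p:20} {check(p)}")
```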
Additional Information
Link to the document:
https://knowledgebase.paloaltonetworks.com/servlet/fileField?entityId=ka10g000000U0ruAAC&field=Attachment_1__Body__s