RCCO
Participant

Inbound NAT using FQDN in header rather than the IP?

Hi,

I have a load balanced set of Exchange servers in my network. I have a manual NAT on the perimeter cluster to publish just one of the servers to the internet. (I had to use this method, and a proxy ARP, otherwise something else broke in the traffic path between the servers and another network - long story.)

We currently have a need to only NAT to Server#1 and NOT the load balancer IP, but this is used internally. We seem to be getting inbound, external SSL traffic flows to the LB and not Server#1, despite the firewall logs clearly showing that the traffic was being NATed to Server#1.

Internal DNS for mail.company.com uses the LB address, and an nslookup on the FWs resolves mail.company.com to the LB address.

Is there any way that incoming SSL traffic would be looked up by the FW and sent to the LB, rather than just following the NAT?

What role is DNS playing in this, if any?

Thanks for your help.

4 Replies
_Val_
Admin

Not possible at the moment. If it is critical, open an RFE, or contact your local office.

PhoneBoy
Admin

NAT is based on IP not DNS.
There is a little-known DNS NAT feature, but it’s not clear if it’s relevant in this case: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Vincent_Bacher
Advisor

Don't know if I got you correctly. If not, I am sorry.

When you want the gateway to resolve the real IP of the server, what about using /etc/hosts?

hostname> set host name HOSTNAME ipv4-address <IPV4-ADDRESS>

hostname> save config

(Replace HOSTNAME and <IPV4-ADDRESS> with the server's name and its real IP; the address was missing from the command as posted.)

Don't know if that works, but I'd try it in case none of the mates replies that I am writing nonsense 🙂

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
RCCO
Participant

Thanks for your help, everyone. It turns out that the problem was one of the Exchange servers bouncing the request back up to the load balancers and then onwards to the other servers. So the network was being blamed for nothing, and 2 days of my life were wasted while proving this...
