Mrigen_Sane
Explorer

FQDN domain objects for NAT and IPsec VPN

Hello All,
                  

We are trying to use an FQDN for outbound traffic for one of our customers.

For this we created a domain-based object with the FQDN, but we are facing an issue when we try to use this domain object in our NAT rules, because NAT rules have limitations on using objects. Is there a way we can configure this?

Plus, can we add this domain-based object to an IPsec site-to-site encryption domain, to get the traffic encrypted to the customer side?

 

Your response would be much appreciated.

Thank you 
Regards,

Mrigen Sane

0 Kudos
4 Replies
Baasanjargal_Ts
Advisor

Hello Mrigen,

Why is it so hard to use the IP address of the FQDN? If it is a cloud service or any other dynamic object, NAT supports 'Updatable objects'; this may help.

0 Kudos
Mrigen_Sane
Explorer

Hello Baasanjargal_Ts,

Why they require the use of an FQDN is something in the scope of the application itself. Plus, sk131852 states in the notes section:

  • Updateable Objects can be used in the NAT Rule Base starting R81 Security Management and Security Gateway (both are required).

    Regards

 

0 Kudos
PhoneBoy
Admin

R81 gateways allow for more object types in the NAT rulebase.
In earlier versions you can use a Dynamic Object with a script that periodically updates said object based on an FQDN.

For VPN domains, FQDN objects cannot be used, only static hosts/networks.
You might be able to somehow make it work with a route-based VPN (where the encryption domain is 0.0.0.0/0).

0 Kudos
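The pre-R81 approach mentioned in the reply above (a Dynamic Object refreshed by a script from an FQDN), sketched as an added example that is not part of the thread and not Check Point's own code. The object name, FQDN and state file are hypothetical arguments; it assumes the Dynamic Object already exists on the gateway, that `getent` is available there, and that the `dynamic_objects` options `-o`, `-r`, `-a` and `-d` behave as in Check Point's CLI reference.

```bash
#!/bin/bash
# Added example (not from the thread). OBJ, FQDN and STATE are hypothetical.
# Assumes the Dynamic Object already exists on the gateway and that the
# dynamic_objects options -o/-r/-a/-d behave as in Check Point's CLI reference.

# Keep only IPv4-shaped tokens, one per line, sorted and de-duplicated.
valid_ips() {
    tr -s ' \t' '\n' | { grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true; } | sort -u
}

# plan_update OBJ "CURRENT_IPS" "RESOLVED_IPS"
# Prints the commands that move the object from CURRENT to RESOLVED.
# Returns 1 and prints nothing if resolution gave no usable address, so a DNS
# outage or a junk answer never empties the object behind a NAT rule.
plan_update() {
    obj=$1
    cur=$(printf '%s\n' "$2" | valid_ips)
    new=$(printf '%s\n' "$3" | valid_ips)
    [ -n "$new" ] || return 1
    for ip in $new; do   # addresses DNS now returns that the object lacks
        printf '%s\n' "$cur" | grep -qxF "$ip" || echo "dynamic_objects -o $obj -r $ip $ip -a"
    done
    for ip in $cur; do   # stale addresses DNS no longer returns
        printf '%s\n' "$new" | grep -qxF "$ip" || echo "dynamic_objects -o $obj -r $ip $ip -d"
    done
    return 0
}

# Run periodically (e.g. from cron) as: script --sync OBJ FQDN STATE
if [ "${1:-}" = "--sync" ]; then
    OBJ=$2; FQDN=$3; STATE=$4
    resolved=$(getent ahostsv4 "$FQDN" | awk '{print $1}' | valid_ips)
    current=$(cat "$STATE" 2>/dev/null || true)
    if plan=$(plan_update "$OBJ" "$current" "$resolved"); then
        # Apply the plan on the gateway; record the new set only if that succeeded.
        { [ -z "$plan" ] || printf '%s\n' "$plan" | sh -e; } &&
            printf '%s\n' "$resolved" > "$STATE"
    else
        echo "no valid A records for $FQDN; $OBJ left unchanged" >&2
        exit 1
    fi
fi
```

Between runs the object holds whatever the FQDN resolved to at the last sync, so the interval should be no longer than the record's TTL.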
Mrigen_Sane
Explorer

Thank you for the response. sk131852 provides more information related to the NAT part of FQDN, and how R80.40 is not compatible with it.

Moving forward, we required the FQDN to be used in a domain-based VPN, so we can now think about the route-based VPN patch.

Thank you for the information.

Regards

0 Kudos