Best practice to account for public IP address change within policies
Good morning,
We currently have policies set up to allow customer connections to our internal remote support (ScreenConnect) and remote monitoring/remediation (Automate) servers. I am trying to determine the best method to account for the possibility that a customer's public IP might change through their ISP, so that the policies would not have to be modified manually. If using FQDN instead of IP, how often will the Firebox resolve the address, and is this a setting that can be changed? I am also looking into dynamic DNS and the Firebox's capabilities, but wanted to reach out to see if anyone had any thoughts/suggestions regarding the best course of action to pursue. Any advice would be greatly appreciated!
Thanks,
Chris
0
Sign In to comment.
Comments
One option is to use an Alias for the IP addr(s)
You use the Alias name in a policy, not the IP addr(s).
Then all you would need to do is to change the IP address in Alias whenever an IP addr changes.
There are 2 types of FQDNs - static lookup when adding the FQDN.
The other is dynamic:
Review this:
About Policies by Domain Name (FQDN)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/fqdn_about_c.html
Bruce_Briggs,
Thanks for the info! I've reviewed the document you sent. I'm thinking that using an FQDN as an Alias might be the best option, but will continue to do more research. Much appreciated!