Network Definition - Bug or by design?

When creating a 'Host' type network definition, you have the option of adding multiple DNS hostnames such as:

  • www.mysite.com
  • support.mysite.com
  • mysite.com

The problem I encounter is when subdomains are hosted on different servers/hosts. If I add the root domain (mysite.com) to one of my network definitions, it acts like a wildcard entry and overrides any other network definition.

For example, if "www.mysite.com" and "mysite.com" are added to one network definition and "support.mysite.com" is added to another network definition that points to a different IP, all traffic to "support.mysite.com" goes to the other/wrong IP address. If I remove the root domain (mysite.com) from the other network definition, then traffic is routed accordingly.

So is this by design?



This thread was automatically locked due to age.
  • Hi Jeff,

    At the moment I do not understand why you want to create network definitions like you say. What do you want to achieve with that? Maybe you can show your network definitions, if that is possible.

    Unknown said:
    it acts like a wildcard entry and overrides any other network definition

    Do you really mean any other definition or just the definitions ending with mysite.com?

    BR

    Sebastian

  • Unknown said:

    why you want to create network definitions like you say. What do you want to achieve with that? Maybe you can show your network definitions, if that is possible. 

    Do you really mean any other definition or just the definitions ending with mysite.com? 

    Only definitions ending with "mysite.com", not all definitions.

    Here is one example using NATs:

    I have a web server that hosts 'www.mysite.com'. I want visitors (local and external) to be able to type into their browser's address bar 'mysite.com' or 'www.mysite.com' and reach the website.  There is a third server (external) which hosts 'proxy.mysite.com'. All three are accessible for local and external users. If I do not add 'mysite.com' to the network definition (as pictured above), traffic from users who forget to type "www." in front of "mysite.com" does not make it to the server so they only get "website not found" browser errors. The only problem with adding 'mysite.com' to that network definition is that it overrides my other network definition for 'proxy.mysite.com' which points to a different IP address. 

  • I tried that, but for me it's working... Or did I miss a point?

    Look:


  • Cool... Thanks for jumping in and testing. I'll have to set things back to the way they were when I encountered the issue in order to test some more. I'll need a day or two (family stuff).

    From what I remember, DNS lookups were failing for 'proxy.mysite.com'. That site's public IP address changes from time to time. I don't recall if the issue affected internal users or external or both.

    I just found a note that I made about the issue. I had to create a Full NAT and remove 'mysite.com' from the 'www.mysite.com' network definition as a workaround.

    "mysite.com - added this NAT and removed mysite.com from host definition because UTM would not do DNS lookup for proxy.mysite.com"

    Here is the Full NAT:

    Matching condition:
    For traffic from: Internal Network
    Using service: HTTP/HTTPS
    Going to: External (WAN) [mysite.com] (Address)

    Action:
    Change the destination to: www.mysite.com (local IP)
    Change the source to: Internal Address (192.168.0.1)