Missing FQDN for source address in routing for VPN300

PeterUK Posts: 2,725  Guru Member

VPN300 V5.02(ABFC.1)ITS-WK32-2021-08-09-210800242

In Zywall 110 V4.65(AAAA.1) you can select a FQDN for source address in routing but not in VPN300.

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    Answer ✓
    Hi @PeterUK,

    Please check whether the address type is FQDN or wildcard FQDN.
    FQDN with a wildcard can be used in "Destination" criteria only.  
    For example, FQDN object *.zyxel.com cannot be used in Source.
    FQDN object www.zyxel.com can be used in Source.

    Here is the configuration example on VPN300 with firmware V5.02(ABFC.1)ITS-WK32-2021-08-09-210800242.



      

All Replies

  • PeterUK
    PeterUK Posts: 2,725  Guru Member
    edited September 2021

    I see, but I need source to have wildcard FQDN for this setup to work, which the VPN300 will see all DNS.

    So I needed to route a domain to 4G and everything else to my VM ISP, so client (192.168.255.194) goes to Zywall 110 (gateway 192.168.255.202), then routing rule to gateway 192.168.255.247 VPN300, then route client to 4G, but I have to use "Use IPv4 Policy Route to Overwrite Direct Route" with a routing rule 4G to client gateway 192.168.255.202, which having source wildcard FQDN would be the domain that VPN300 sees all.

    Then the idea was to have the client change gateway to 192.168.255.247 for 4G only but the given domain, but that would only work with "routing rule 4G to client gateway 192.168.255.202" disabled, but would have worked if source wildcard FQDN was allowed.

    So to work around that, it was easier to change the client IP: one would route to 4G, one would route to VM ISP.

     
