Missing FQDN for source address in routing for VPN300

PeterUK
PeterUK Posts: 3,326  Guru Member

VPN300 V5.02(ABFC.1)ITS-WK32-2021-08-09-210800242

In Zywall 110 V4.65(AAAA.1) you can select a FQDN for source address in routing but not in VPN300.

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Answer ✓
    Hi @PeterUK,

    Please check whether the address type is FQDN or wildcard FQDN.
    An FQDN with a wildcard can be used in "Destination" criteria only.
    For example, FQDN object *.zyxel.com cannot be used in Source.
    FQDN object www.zyxel.com can be used in Source.

    Here is the configuration example on VPN300 with firmware V5.02(ABFC.1)ITS-WK32-2021-08-09-210800242.



      

All Replies

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    edited September 2021

    I see, but I need source to have wildcard FQDN for this setup to work, which the VPN300 will see all DNS.

    So I needed to route a domain to 4G and everything else to my VM ISP, so client (192.168.255.194) goes to Zywall 110 (gateway 192.168.255.202), then routing rule to gateway 192.168.255.247 VPN300, then route client to 4G, but I have to use "Use IPv4 Policy Route to Overwrite Direct Route" with a routing rule 4G to client gateway 192.168.255.202, which having source wildcard FQDN would be the domain that VPN300 sees all.

    Then the idea was to have the client change gateway to 192.168.255.247 for 4G only but the given domain, but that would only work with "routing rule 4G to client gateway 192.168.255.202" disabled, but would have worked if source wildcard FQDN was allowed.

    So to work around that, it was easier to change the client IP: one would route to 4G, one would route to VM ISP.

     
