USG FLEX H Series - Dynamic DNS (DDNS)

Zyxel_Richard

USG FLEX H Series - Dynamic DNS (DDNS)

Dynamic DNS (DDNS) is an essential feature for allowing remote access to servers behind your firewall, particularly when the IP address assigned by your ISP is dynamic and may change over time. The USG FLEX H Series firewalls have enhanced DDNS functionalities in firmware version 1.20 to improve accessibility and management.

Overview of DDNS

DDNS helps map a domain name to the changing IP address of a device, ensuring that users can consistently access a server behind the firewall using a domain name. This is particularly useful for accessing private servers remotely when the public IP address changes frequently.

Key Scenario

Server Access Behind Firewall:

• Users on the internet need to access a private server behind the firewall.
• A domain name (e.g., tnflexh.dns.net) is used to reach the server.

Public vs. Private IP:

• The firewall may be behind an ISP gateway that assigns a private IP.
• Public users cannot access the server using a private IP (e.g., 192.168.0.100).
• Instead, they need to access it using the public IP (e.g., 61.275.26).

Configuring DDNS on USG FLEX H Series

Access DDNS Settings:

• Navigate to System > DNS > DDNS in the firewall's web interface.

Create a DDNS Profile:

• Click on Add to create a new DDNS profile.
• Select the third-party DDNS provider (e.g., DynDNS, No-IP, or Custom).

Enter Domain Name:

• Specify the domain name (e.g., tnflexh.dns.net).

Select Interface or Public IP:

• Choose Public IP if your firewall is behind a NAT device with a dynamic public IP.
• Enter the Public IP URL (e.g., a third-party service like ipinfo.io that can check and return your public IP).

Monitoring and Verification

Event Logs

You can monitor the status and events related to DDNS through the event logs:

• Navigate to Event Logs:
  • Go to Logs and Reports > Event Logs.
• Filter Logs:
  • Use the category Built-in Service to find DDNS-related events.
• Example Logs:
  • Link status changes (e.g., GE1 interface down).
  • DDNS profile updates and failures.
  • Public IP changes detected and updates to the DDNS server.

Advantages of Enhanced DDNS

Public IP Detection:

• Automatically detect and update the public IP even if the firewall is behind another NAT device.

Failover Support:

• Seamless transition to a backup interface if the primary interface fails, ensuring continuous accessibility.

Regular Updates:

• Periodic checks and updates ensure the domain name always points to the correct IP address.

Minimal Impact on Performance:

• Uses third-party services for public IP checks, reducing overhead on the firewall.

Conclusion

The enhanced DDNS feature in the USG FLEX H Series firmware version 1.20 provides robust and flexible options for maintaining remote access to servers behind your firewall. By configuring DDNS with public IP detection and failover capabilities, you can ensure reliable and consistent access to your network resources.