Hostname (DNS Resolvable) Network Objects



Similar documents
How to Add Domains and DNS Records

How to Perform a Manual High Availability Failover

PineApp Surf-SeCure Quick

Lab - Observing DNS Resolution

Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

Configuring Security for FTP Traffic

How to Make the Client IP Address Available to the Back-end Server

Managing the System Event Log

SSL VPN. Virtual Appliance Installation Guide. Virtual Private Networks

DHCP and DNS Services

Creating a Client-To-Site VPN. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs.

Configuring Security for SMTP Traffic

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Content Filtering Client Policy & Reporting Administrator s Guide

Avira Management Console AMC server configuration for managing online remote computers. HowTo

Managing the System Event Log

How to Configure DNS Zones

PaperCut Payment Gateway Module - RBS WorldPay Quick Start Guide

Configuring NetFlow Secure Event Logging (NSEL)

Smart Card Authentication. Administrator's Guide

Virtual Appliance Setup Guide

Configuring DrayTek Equipment With A Sky Network.

This section describes how to set up, find and delete community strings.

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

Managing the System Event Log

Deploying the BIG-IP System with Oracle E-Business Suite 11i

F-SECURE MESSAGING SECURITY GATEWAY

Cloud Services. Sharepoint. Admin Quick Start Guide

Pandora FMS 3.0 Quick User's Guide: Network Monitoring. Pandora FMS 3.0 Quick User's Guide

Step-by-Step Configuration

VPNC Interoperability Profile

Apache Configuration

Chapter 10 Troubleshooting

Red Hat Linux 7.2 Installation Guide

Transparent Firewall/Filtering Bridge - pfsense By William Tarrh

Sierra Wireless AirCard Watcher Help for Mac OS X

Google Sites. How to create a site using Google Sites

Parental Control Setup Guide

Easy Setup Guide for the Sony Network Camera

Connecting your Virtual Machine to the Internet. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs

Routing concepts in Cyberoam

F-Secure Messaging Security Gateway. Deployment Guide

Dynamic DNS How-To Guide

Juniper Secure Analytics Release Notes

Barracuda Link Balancer Administrator s Guide

Configuring Spectralink IP-DECT Server 400/6500 and DECT Server 2500/8000 for Cisco Unified Call Manager

COMMANDS 1 Overview... 1 Default Commands... 2 Creating a Script from a Command Document Revision History... 10

How to Program a Commander or Scout to Connect to Pilot Software

PaperCut Payment Gateway Module PayPal Website Payments Standard Quick Start Guide

SQL Server Setup for Assistant/Pro applications Compliance Information Systems

Aventail Connect Client with Smart Tunneling

Configuring Trend Micro Content Security

Load Balancing IBM WebSphere Servers with F5 Networks BIG-IP System

Magento Extension for Add Multiple Products by Capacity Web Solutions

ODBC And SQL. V4.x 06/30/2005 Document v1.01

How To Configure Virtual Host with Load Balancing and Health Checking

The Global Rules set is evaluated first and contains the global access rules that apply to all NG firewalls using the shared service.

BioWin Network Installation

Enabling NAT and Routing in DGW v2.0 June 6, 2012

Indian Standards on DVDs. Installation Manual Version 1.0. Prepared by Everonn Education Ltd

Advantech WebAccess Device Driver Guide. BwSNMP Advantech WebAccess to SNMP Agent (Simple Network Management Protocol) Device Driver Guide

Configuring Network Load Balancing with Cerberus FTP Server

Deploying the BIG-IP System v10 with Oracle Application Server 10g R2

Virtual Appliance Setup Guide

Configuring User Identification via Active Directory

Salesforce Integration

SCOPTEL WITH ACTIVE DIRECTORY USER DOCUMENTATION

NSi Mobile Installation Guide. Version 6.2

TMS Phone Books Troubleshoot Guide

McAfee Network Threat Response (NTR) 4.0

ADSL Router Quick Installation Guide Revised, edited and illustrated by Neo

Cisco Unified Communications Manager 5.1 SIP Configuration Guide

MS Windows DHCP Server Configuration

Server Configuration. Server Configuration Settings CHAPTER

DEPLOYMENT GUIDE Version 2.1. Deploying F5 with Microsoft SharePoint 2010

Port Forwarding your Router for Use with a Network DVR

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

Lab Editing the HOSTS File in Windows

Integrating with IBM Tivoli TSOM

MS WORD 2007 (PC) Macros and Track Changes Please note the latest Macintosh version of MS Word does not have Macros.

Unity Application Suite SQL Server Database Integration

Smart Call Home Quick Start Configuration Guide

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

Configuring Situation Events in Action Manager for WebSphere Business Monitor Version 6.0

Using Device Discovery

Installing and Configuring vcloud Connector

USER GUIDE. Diagnostic Web Server FW ver BrightSign, LLC Lark Ave., Suite B Los Gatos, CA

TSM Studio Server User Guide

pcanywhere Advanced Configuration Guide

Smart Card Authentication Client. Administrator's Guide

Virtual Appliance Installation Guide

1 Installation. Note: In Windows operating systems, you must be logged in with administrator rights to install the printer driver.

Load Balancing IBM Lotus Instant Messaging and Web Conferencing Servers with F5 Networks BIG-IP System

StarWind iscsi SAN Software: Using StarWind with MS Cluster on Windows Server 2003

Managing Identities and Admin Access

ProSafe Plus Switch Utility

Using the Content Distribution Manager GUI

Transcription:

Hostname (DNS Resolvable) Network Objects Introduction The following article explains the configuration of hostname (DNS Resolvable) network objects. Note that the maximum amount of a single DNS resolvable hostname is limited to 24 IP addresses. If a hostname is resolvable to more than 24 IP address, only the first 24 IP addresses will be resolved and processed. Firewall rulesets steer the processing of IP packets. As IP packets only know a destination IP address and not a host name, the allocation of host names to appropriate IP addresses must be managed through the firewall. Network objects of type Hostname allow specifying DNS resolvable host names as network addresses, and in this way make the use of host names in firewall rules possible. Only explicitly defined host names (for example www.barracudanetworks.com) but no comprehensive zone names may be used in network objects. A DNS server must be specified in the DNS Server IP field in the Box Settings file (How to Configure DNS Settings), in order to use network objects of type Hostname. Using DNS resolvable host names in firewall rulesets can cause problems because of the following: IP addresses that are allocated to DNS host names might change. A DNS record might contain multiple IP addresses. Creating Network Objects of Type Hostname Hostname objects may be created in: the Local Firewall ruleset. the Forwarding Firewall ruleset. as Global, Range- or Cluster-specific firewall objects. Hostname objects may NOT be created as explicit source or destination objects in firewall rules. To create a network object of type Hostname (see: How to Create Network Objects), select Hostname (DNS resolved) from the Type list in the Network Object window. Consider the following detail configuration options: Hostname (DNS Resolvable) Network Objects 1 / 5

The following parameters can be configured: Type - The type defines specific object characteristics. Network objects of type Hostname expect specification of an explicit DNS resolvable host name in the Name field below. Once the object has been created its type cannot be changed. Name - Into this field insert the DNS resolvable name the object is to be created for. Description - Into this field insert a significant object description. The specified name is the name of the network object at the same time. The object name may be changed retroactively. Resolve - The functionality of this button is purely informational. Click it to execute a DNS query for the host name inserted into the Name field. The result of the query is displayed in the IP field in the Entry section. Note that the query is executed using the DNS server(s) known to the client running the graphical administration tool Barracuda NG Admin and NOT using the DNS server(s) known to the Barracuda NG Firewall running the firewall service. DNS Lifetime (Sec) - The DNS Lifetime defines the interval after which to refresh DNS entries for network objects of type Hostname that are configured for use in currently effective firewall rules (default: 600 s). Setting to a lower value than 30 seconds might cause problems in network object lists containing a huge number of hostname objects. DNS entries may also be refreshed manually in the Firewall Monitoring > Dynamic tab > Dynamic Rules tab. The DNS Lifetime has no effect on actively established connections, even if the DNS resolution of a network object that is currently used in a firewall rule changes. In this case to force a refresh terminate the active session in order to enable new connection establishment using the updated DNS entry. Hostname (DNS Resolvable) Network Objects 2 / 5

The Include - and Exclude Entries sections may be used to restrict a network object and to force a condition to match explicitly or to exclude it from being part of it. For example, if a DNS host name entry www.domain.com matches four DNS A-records pointing to the IP addresses 10.0.6.1, 10.0.8.1, 10.0.8.2 and 10.0.8.3, and it is wanted that connection requests must always point to addresses residing in the 10.0.8.0/24 network, but must never be addressed to the IP address 10.0.8.3, the following values need to be configured in the corresponding fields: Section Included Entry: IP 10.0.8.0/24, section Excluded Entry: IP 10.0.8.3. The configuration stated above will be processed as follows, when it is utilized in a firewall rule: Connection requests may be addressed to IP addresses living in the network 10.0.8.0/24, but they may not address the excluded IP address 10.0.8.3. Using Network Objects of Type Hostname Hostname objects may be used as: Source/Destination in rules within the Forwarding Firewall. Source/Destination in rules within the Local Firewall. Reference in the Entry list of Generic Network Objects. Hostname objects may NOT be used as reference in the Entry list of all other network object types. Hostname objects that cannot be resolved can never match in a rule. Consequently, when a non resolvable object is used in a rule, this rule cannot be processed correctly. Hostname objects will become non resolvable not only if they refer to a non existent host name, but also in case the DNS server queries are addressed to is unavailable. Do NOT use Hostname network objects in rules with the policy block. When the firewall is (re)started, it may take up to 10 seconds until DNS resolution is provided for all configured hostname network objects. Because the firewall is already active, it might happen that before the actually desired rule becomes active another rule matches a request. Active sessions are not revaluated when DNS resolution changes, but only when the rule itself is modified. Persistent sessions might are to be terminated manually in order to enable new connection establishment using the updated DNS entry. Monitoring Network Objects of Type Hostname DNS queries addressed to the DNS server configured in the box settings are triggered as soon as a hostname network objects is created. The result of these queries is visualized in the following places: In all views but the Dynamic Rules tab, DNS resolution is retrieved using the DNS server(s) known to the client running the graphical administration tool Barracuda NG Admin and NOT using the DNS server(s) known to the Barracuda NG Firewall running the firewall service. In the Entries column in the network object list. In the Rule Object list when the hostname object configured in the rule is used. In the Source/Destination window querying the rule object list when the hostname object is currently used. In the Rule Tester. In the Dynamic Rules tab of the Firewall Monitoring Interface. Hostname (DNS Resolvable) Network Objects 3 / 5

Site Specific Network Objects Site specific network objects can be used to share single firewall rulesets for branch offices with template based network layout. This type of object inherits its content from the IP address or IP network defined in the Virtual Server s Server Properties of a branch office. Hostname (DNS Resolvable) Network Objects 4 / 5

Hostname (DNS Resolvable) Network Objects 5 / 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information