VPN Using FQDN
AbouYaka90 Newbie ✭
How would you go about creating an FQDN address object on a SOHO250 that resolves to the active WAN Interface IP at any given time?
I am attempting to eliminate the need to create additional Site-To-Site VPN tunnels for backup purposes.
Instead, the VPN tunnels will resolve to the internal FQDN address object instead of an IP address.
Category: Entry Level Firewalls
No need to create it, it already exists and is called "Default Active WAN IP". But it's no use to you here because you can't use an address object in the Gateway field of a site-site policy.
I think you need a dynamic DNS FQDN and to put that in at the other end? Just bear in mind you can have two entries for the remote gateway in a "normal" site-site VPN policy.
Maybe post a bit more detail on what you're hoping to achieve.
I have a cell modem with 2 SIM cards (2 different public IPs respectively) in pass-through mode handing off WAN connectivity to the WAN port on the SonicWall. These 2 SIM cards fail over when one carrier goes down. I want to create my VPN tunnel with just one FQDN pointing to this local WAN identity. I am just not sure what DNS configuration steps need to be taken on the SOHO 250 side.
Look into round-robin DNS A records. The exact thing you are looking for would require a load-balancer but round-robin DNS might be enough for your needs.
You can use the Dynamic DNS feature on the firewall that has the 2 SIM cards. If the WAN connection fails over from IP1 to IP2, the firewall will update the Dynamic DNS record.
What's at the other end?
If your Soho250 with variable IPs can be the firewall that brings up the tunnel, then just leave it as 0.0.0.0 and set it up with a manual IKE ID, like you would with any other IPsec tunnel with a dynamic IP. If you can get it working like this then you don't need the extra complexity.