I have a webserver with an external ip behind a firewall but I don't want everybody to have access on it. I am thinking of setting up ddns on the site that I would allow access to then I will restrict access based on these ddns on the firewall. Seems perfect but when I put these policies in, the firewall does not detect those ddns address but I can ping it. The policy is
xyz.domain.com (untrust) x.x.x.x (external true ip - trust) http (service)
If I change the untrust to any, it works fine. If I put this ddns address in, the policy greys out and it searches very slow.
My firewall is a netscreen ssg5