At my work we have a few networking appliances for which we have associated DNS names with internal IP addresses. For example, we may have an EMC DD160 (storage) associated with the name DD160A and the internal IP address 10.10.10.10. So to access the web interface one may type:
Equally important, we have Outlook Web Access pointing to the 'Public IP address' in our Windows DNS config for Outlook Web Access, and not to the Exchange server's internal IP address. For example mail.company.net -> 10.10.10.11. This way we may type
to access the Outlook Web Access interface.
Now we have introduced a new mix into our network. We are evaluating a web monitoring program where we have to configure our firewall to forward only "OUTBOUND" port 80 and port 443 traffic through a VPN tunnel to a web server, and there the web monitoring vendor creates metrics for us regarding our users' web usage. We have only made the rule for 1 specific subnet (Device VLAN), so we have other VLANs that are not affected by the monitoring at all.
To be honest the web reporting looks fantastic; but one of the side effects is that anyone on that "Device VLAN" cannot access https://mail.company.net/owa. One must type https://10.10.10.11/owa to access the Outlook Web Access interface.
Question 1: Is this because, when you are typing or forwarding a DNS name to an internal IP address, the associated port 443 traffic is routed inbound before it gets to the firewall, so that it never reaches the outbound forwarding rule? So that web traffic remains in the network and is functional?
But the OWA traffic is routed to an outside public IP address, and that is sent to the vendor's web server and then to the internet that way.
Question 2: Why can we not connect to OWA, since the port 443 traffic is routed to the other location first?
I have another related question to follow up on this.
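The questions above boil down to one decision the network makes per flow: does the destination the client's resolver returned fall inside the internal address space (so the packet is routed internally and never matches the outbound 80/443 rule), or is it a public address (so, from the Device VLAN, the rule steers it into the vendor's tunnel)? The following model is an added example, not code from the poster or from any vendor. It encodes the policy exactly as the post describes it and lets you check where a given name/port combination would be routed before touching the real firewall. All addresses other than the two 10.10.10.x values quoted in the post are constructed: the Device VLAN prefix 10.10.20.0/24 and the public answer 203.0.113.25 (an RFC 5737 documentation address) are placeholders.

```python
import ipaddress
from typing import Dict, Optional

# Constructed records standing in for the internal Windows DNS zone in the post.
# The 10.10.10.x values are the ones the post gives; the hostnames are assumed.
INTERNAL_ZONE: Dict[str, str] = {
    "dd160a.company.net": "10.10.10.10",
    "mail.company.net": "10.10.10.11",
}

# Hypothetical alternative answer for the same name: a public address.
# 203.0.113.25 is a documentation-range placeholder, not a real server.
PUBLIC_ZONE: Dict[str, str] = {
    "mail.company.net": "203.0.113.25",
}

# Ports the post says the firewall forwards through the VPN tunnel.
FORWARDED_PORTS = frozenset({80, 443})

# Source subnet the rule is applied to (constructed; the post names no prefix).
DEVICE_VLAN = ipaddress.ip_network("10.10.20.0/24")

# RFC 1918 space: destinations here are routed inside the network and never
# reach the outbound rule. Checked explicitly rather than via is_private(),
# which would also treat the 203.0.113.0/24 documentation range as private.
RFC1918 = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)


def resolve(name: str, zone: Dict[str, str]) -> Optional[ipaddress.IPv4Address]:
    """Look a name up in the given zone; None when there is no record."""
    addr = zone.get(name.lower())
    return ipaddress.ip_address(addr) if addr else None


def is_internal(addr: ipaddress.IPv4Address) -> bool:
    """True when the address lies in RFC 1918 space."""
    return any(addr in net for net in RFC1918)


def classify_flow(src: str, dest_name: str, dest_port: int, zone: Dict[str, str]) -> str:
    """
    Decide which path a client flow takes under the policy described in the post.
      'unresolved' : no DNS record, so the browser never sends a packet
      'internal'   : destination is RFC 1918, routed inside, rule never matches
      'vpn'        : source is on the Device VLAN, destination is public and the
                     port is 80/443, so the rule sends it into the vendor tunnel
      'direct'     : anything else leaves by the normal default route
    """
    dest = resolve(dest_name, zone)
    if dest is None:
        return "unresolved"
    if is_internal(dest):
        return "internal"
    on_device_vlan = ipaddress.ip_address(src) in DEVICE_VLAN
    if on_device_vlan and dest_port in FORWARDED_PORTS:
        return "vpn"
    return "direct"


def explain(src: str, dest_name: str, dest_port: int, zone: Dict[str, str]) -> str:
    """One human-readable line per flow for the walkthrough below."""
    dest = resolve(dest_name, zone)
    path = classify_flow(src, dest_name, dest_port, zone)
    return f"{src} -> {dest_name} ({dest}):{dest_port}  =>  {path}"


if __name__ == "__main__":
    client = "10.10.20.50"  # constructed host on the Device VLAN
    other = "10.10.30.5"    # constructed host on an unmonitored VLAN
    for label, zone in (("internal zone answer", INTERNAL_ZONE), ("public answer", PUBLIC_ZONE)):
        print(f"--- {label} ---")
        print(explain(client, "dd160a.company.net", 443, zone))
        print(explain(client, "mail.company.net", 443, zone))
        print(explain(client, "mail.company.net", 25, zone))
        print(explain(other, "mail.company.net", 443, zone))
```

Run it and compare the two zone answers for mail.company.net: with the internal record the flow is classified `internal` regardless of VLAN, which is the case for the DD160 name too, while a public answer from the Device VLAN is the only combination that lands in `vpn`. The real check on a client is the same: resolve the name it is actually using and see whether the answer is a private or a public address, because that answer, not the hostname, decides whether the outbound rule applies.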