Allowing services through external WatchGuard firewall when there are no static external IPs, only a DNS name

rabpwh1000 used Ask the Experts™
I am trying to configure my WatchGuard firewall [XTM 515 - Fireware 11.9.4] to allow certain machines access to the update site of a software provider. Unfortunately this software vendor does not hold the updates on systems that can be referenced via fixed IP addresses but relies on referencing their infrastructure via a DNS name. I don't seem to be able to set up a route using packet filters or proxies. Does anybody know of a way of doing this?
Software Engineer
Distinguished Expert 2018
No, not really.
The internet actually is based on IP addresses; names were an afterthought >10 years AFTER IP started.
So routing and firewall filters are all based on IP addresses.

Then again, when using e.g. IPsec or OpenVPN tunnels this can be alleviated a little.
During connection of a tunnel those services CAN resolve a name to a number (that IP address is then used until the tunnel terminates; termination can happen if the remote host stops, for example). Reconnecting will get the failover machines.

All traffic WITHIN the (VPN) tunnel can use stable endpoint addresses (internally used at the remote site).


Thanks for clearing that up noci.
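
The answer above notes that filters match on IP addresses and that a name, once resolved, is pinned to that address until something re-resolves it. As an added illustration (not part of the original thread and not WatchGuard functionality), this Python example tracks the addresses behind one name so an IP-based rule can follow them; the class `NameAllowlist`, the `resolve` callback, the grace period, the host name and the documentation-range addresses are all assumptions constructed for the example.

```python
import ipaddress

# Ranges an external update host should never resolve to (RFC 1918, loopback, link-local).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

class NameAllowlist:
    """Tracks the addresses behind one DNS name for use in an IP-based filter."""

    def __init__(self, name, grace=3600):
        self.name = name
        self.grace = grace   # seconds an address stays allowed after it was last seen in DNS
        self.expiry = {}     # ip string -> time at which it is dropped

    def refresh(self, resolve, now):
        """resolve(name) -> iterable of (ip, ttl). Returns (added, removed) sets."""
        answers = {}
        for ip, ttl in resolve(self.name):
            addr = ipaddress.ip_address(ip)        # raises ValueError on a malformed answer
            if any(addr in net for net in INTERNAL):
                continue                           # ignore answers that point inward
            answers[str(addr)] = ttl
        if not answers:
            return set(), set()   # failed or empty lookup: leave the current set untouched
        added = set(answers) - set(self.expiry)
        for ip, ttl in answers.items():
            self.expiry[ip] = now + max(ttl, self.grace)
        removed = {ip for ip, t in self.expiry.items() if t <= now}
        for ip in removed:
            del self.expiry[ip]
        return added, removed

if __name__ == "__main__":
    # Constructed answers (documentation-range addresses), keyed by lookup time in seconds.
    lookups = {0: [("203.0.113.10", 300), ("203.0.113.11", 300)],
               600: [("203.0.113.11", 300), ("198.51.100.7", 300), ("192.168.1.5", 300)],
               3600: [("203.0.113.11", 300), ("198.51.100.7", 300)]}
    acl = NameAllowlist("updates.vendor.example")   # placeholder host name
    for now, answer in lookups.items():
        print(now, acl.refresh(lambda name: answer, now))
```

The returned `added` and `removed` sets are what would be pushed to the firewall's address list; a rule built this way trusts whatever resolver supplies the answers, so that resolver needs to be one you control.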
