Amer Networks E5Web GUI User Manual

2. Enter the following:

   Primary Server: 10.0.0.1

   Secondary Server: 10.0.0.2

3. Click OK

DNS Lookup and IP Rules

When a DNS server request is generated by cOS Core itself, no IP rules need to be
defined for the connection to succeed. This is because connections initiated by cOS Core are
considered to be trusted. For example, this would be the case if cOS Core is accessing a CA server
to establish the validity of a certificate and first needs to resolve the certificate's FQDN to an IP
address.

Dynamic DNS and HTTP Poster

A DNS feature offered by cOS Core is the ability to explicitly inform DNS servers when the
external IP address of the Clavister Security Gateway has changed. This is sometimes referred to
as Dynamic DNS and is useful where the Clavister Security Gateway has an external address that
can change.

Dynamic DNS can also be useful in VPN scenarios where both ends of the tunnel have dynamic IP
addresses. If only one side of the tunnel has a dynamic address then the cOS Core VPN keep alive
feature solves this problem.

Under System > Misc. Clients in the Web Interface, several dynamic DNS services are defined.
The HTTP Poster client object is a generic dynamic DNS client with the following characteristics:

- Multiple HTTP Poster objects can be defined, each with a different URL and different optional
  settings.

- By default, an HTTP Poster object sends an HTTP GET request to the defined URL. Some servers
  require an HTTP POST request and to achieve this the option HTTP Post the Values should be
  enabled. This is usually needed when authentication parameters are being sent in the URL.

- By default, HTTP Poster does not automatically send the server request after cOS Core
  reconfiguration. This behavior can be changed by enabling the option Repost on each
  reconfiguration.

  There is one exception to the default behavior and that is after a reconfigure which is the
  result of getting a new local IP address on the interface that connects to the DNS server.

  In this case, cOS Core always waits a predefined period of 20 seconds before reposting after
  the reconfiguration.

- The default Repost Delay is 1200 seconds (20 minutes). This can be altered.

- The predefined DynDNS client has a predefined refetch time of 30 days which cannot be
  changed.
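
Because authentication parameters can travel in the HTTP Poster URL, a configured URL is worth auditing for where those values end up. The following is an added example, not code from the manual or from cOS Core; the sample URL, the parameter names and the assumption that posting the values means a form-encoded body are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample URL; host, path and parameter names are hypothetical.
SAMPLE_URL = ("http://updates.example.net/nic/update"
              "?hostname=gw.example.net&username=demo&password=CONSTRUCTED")

# Query parameter names treated as secrets (assumed list for this example).
SECRET_KEYS = {"password", "pass", "pw", "token", "key", "secret"}


def audit_poster_url(url):
    """Return findings for an update URL that carries authentication values."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("cleartext-scheme")  # readable on the wire either way
    if parts.password is not None:
        findings.append("credentials-in-userinfo")
    secret = sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True)
                    if k.lower() in SECRET_KEYS)
    if secret:
        findings.append("secret-in-query:" + ",".join(secret))
    return findings


def build_request(url, post_values=False):
    """Render the request as GET, or as POST with the values moved to the body.

    Assumption: posting the values means a form-encoded body.
    """
    parts = urlsplit(url)
    path = parts.path or "/"
    if not post_values:
        target = path + ("?" + parts.query if parts.query else "")
        return f"GET {target} HTTP/1.1\r\nHost: {parts.hostname}\r\n\r\n"
    body = urlencode(parse_qsl(parts.query, keep_blank_values=True))
    return (f"POST {path} HTTP/1.1\r\nHost: {parts.hostname}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")


if __name__ == "__main__":
    print(audit_poster_url(SAMPLE_URL))
    print(build_request(SAMPLE_URL).splitlines()[0])
    print(build_request(SAMPLE_URL, post_values=True).splitlines()[0])
```

With GET the secret sits in the request line, where proxies and server access logs record it; with POST it moves to the body, but over http:// it is still readable in transit.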

The difference between HTTP Poster and the predefined named DNS servers is that HTTP Poster
can be used to send any URL. The named services are a convenience that make it easy to
correctly format the URL needed for that particular service. For example, the http:// URL for the
dyndns.org service might be:

Chapter 3: Fundamentals
