5 Replies Latest reply on Sep 25, 2019 6:26 AM by A13xxx

    Hostname URL resolution in NSX DFW

    kwg66 Enthusiast

      Hostname resolution doesn't work in NSX-V DFW... does it work in NSX-T? We have been integrating with cloud services and connecting from on-premises to hostname URLs (an example would be www.s3.amazon.com).

       

      Using an IP range in the firewall to get to the S3 bucket is not the way to go in the opinion of many within my organization, and it's understandable. If the range changes, your configuration will fail along with the services that are relying on the rules. As a result, many of our workloads that need cloud access have been migrated from NSX to our Cisco FW that supports this.

       

      I found a script on GitHub that claims to bridge this gap; details about it are here: https://networkinferno.net/fqdn-based-ip-sets-in-dfw-rules#comment-37755

       

      Before I attempt to set this up and test, I really want to know if NSX-T provides the ability to use hostname URLs in the rules. If this is the case, I would probably look to migrate from NSX-V to NSX-T.

       

      Please advise
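
The idea behind the FQDN-based IP sets mentioned in the post, as an added example (this is not the linked GitHub script and not NSX code): resolve the hostname on a schedule and work out which addresses to add to or remove from the IP set a rule references. The function names, the `max_members` cap and the sample addresses are assumptions made for illustration; pushing the result to NSX is left out.

```python
import ipaddress
import socket


def resolve_ipv4(fqdn):
    """IPv4 addresses the local resolver currently returns for fqdn."""
    infos = socket.getaddrinfo(fqdn, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def reconcile(fqdn, current, resolver=resolve_ipv4, max_members=64):
    """Plan the IP set update for one FQDN: (members, to_add, to_remove).

    If the lookup fails or the answer is implausible, the current members
    are kept, so a DNS outage never empties the set behind a live rule.
    """
    current = set(current)
    keep = (current, set(), set())
    try:
        answers = set(resolver(fqdn))
    except OSError:  # socket.gaierror is a subclass of OSError
        return keep
    valid = set()
    for answer in answers:
        try:
            ip = ipaddress.ip_address(answer)
        except ValueError:
            continue  # not an IP literal
        # Sinkholed or bogus answers must not end up in an allow rule.
        if not (ip.is_unspecified or ip.is_loopback
                or ip.is_link_local or ip.is_multicast):
            valid.add(str(ip))
    if not valid or len(valid) > max_members:
        return keep
    return valid, valid - current, current - valid


if __name__ == "__main__":
    # Constructed sample: documentation addresses and a fake resolver.
    members = {"192.0.2.10", "192.0.2.11"}
    fake_dns = lambda name: ["192.0.2.11", "198.51.100.7"]
    print(reconcile("bucket.example.com", members, resolver=fake_dns))
```

The firewall only ever sees the addresses this resolver returned at the last run, so a workload that gets a different DNS answer between runs can still be blocked.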