ipascualdiaz
Staff
March 25, 2025

Technical Tip: Using DNS filter profile to redirect dynamically resolved IPs to one internal IP
Description

This article describes how to use the DNS Filter profile 'Redirect Portal IP' option for internal DNS resolution.

Scope

FortiGate.

Solution

There are several situations in which DNS translation does not fit the client's needs.

One of them is when the hostname resolves to a dynamic IP, as with AWS load balancers, CDNs, etc., where each response may return a different IP.

This is particularly relevant when the user has no internal DNS server on which to create their own DNS record.

One way to solve this is to combine a Domain Filter with the 'Redirect Portal IP' option of the DNS Filter profile, pointing it at the internal IP.

Using CLI:

config dnsfilter domain-filter
    edit 2
        set name "Auto-dnsfilter-domain-filter_ej4l5ci7v"
        config entries
            edit 1
                set domain "4442342342349.dkr.ecr.us-east-2.amazonaws.com"
            next
        end
    next
end

config dnsfilter profile
    edit "filtro aws"
        config domain-filter
            set domain-filter-table 2
        end
        config ftgd-dns
            set options ftgd-disable
            config filters
                ...
            end
        end
        set redirect-portal 172.28.8.10    <---- This is the internal IP for consuming the service.
    next
end

Attach this DNS Filter profile to the firewall policy that matches the DNS requests from internal users.

Note:

This is not necessarily the same policy that matches the application traffic flow itself; the profile must be attached to the policy that the DNS queries traverse.
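To confirm from a client that the filter takes effect, the following verification script (added here, not part of the original article) resolves the filtered domain several times and passes only if every answer is the redirect portal IP. The domain and 172.28.8.10 are taken from the configuration above; the use of dig and the query count are this example's own assumptions.

```shell
#!/bin/sh
# Verify from a client behind the FortiGate that the filtered domain always
# resolves to the redirect-portal IP, even though the upstream answer is dynamic.
# Assumed values: the domain and 172.28.8.10 come from the article's config;
# the use of dig and the default query count are this example's choices.

# Resolve A records for a domain, one IP per line (wrapper around dig).
resolve_a() {
    dig +short A "$1" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$' || true
}

# verify_redirect DOMAIN EXPECTED_IP [QUERIES]
# Queries repeatedly (the upstream answer varies per query, so a single lookup
# proves little) and succeeds only if every answer is exactly EXPECTED_IP.
verify_redirect() {
    domain=$1
    expected=$2
    count=${3:-5}
    i=0
    while [ "$i" -lt "$count" ]; do
        answers=$(resolve_a "$domain")
        if [ -z "$answers" ]; then
            echo "query $i: no A record for $domain"
            return 1
        fi
        for ip in $answers; do
            if [ "$ip" != "$expected" ]; then
                echo "query $i: $domain -> $ip (expected $expected); DNS filter not applied?"
                return 1
            fi
        done
        i=$((i + 1))
    done
    echo "OK: $domain resolved to $expected in $count/$count queries"
    return 0
}

# Run only when invoked with --run, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    verify_redirect "4442342342349.dkr.ecr.us-east-2.amazonaws.com" 172.28.8.10 5
fi
```

Run it from a host whose DNS traffic matches the policy carrying the profile; a failure message naming a public AWS IP means the query did not pass through the DNS filter.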