Im currently doing an IAP implementation where I need to intergrate with an AV solution. Wireless devices connected to the IAPs need to connect to the AV equipment by IP address (not DNS) on a different subnet. Each of the 20+ AV devices needs several ports open to it from the wireless. The open ports are the same for each device.
My problem is that I will hit the max number of rules which is believe is 128 per IAP role. Apart from that its not every elegant having the same 5 or so rules repeated 20+ times for each AV device.
This brings me to my question can I leverage the "domain name" option for the destination if the client is attempting the connection via IP?.
If i was to have 5 rules as follows:
allow tcp port 80 to av.example.com
allow tcp port 443 to av.example.com
allow tcp port 1000 to av.example.com
allow tcp port 2000 to av.example.com
allow tcp port 8080 to av.example.com
and av.example.com mapped to
172.16.1.10
172.16.1.11
172.16.1.12
172.16.1.13
...
172.16.1.26
172.16.1.27
172.16.1.28
172.16.1.29
172.16.1.30
could HTTP directly to 172.16.1.27?
If I then added 172.16.1.200 in DNS with av.example.com would I be able to HTTP directly to 172.16.1.200?
Any information on how the destination "domain name" functions would be greatly appreciated.
Richard