Controllerless Networks

Does an IAP Role rule using Domain Name apply to multiple IP addresses resolved in DNS?

I'm currently doing an IAP implementation where I need to integrate with an AV solution. Wireless devices connected to the IAPs need to connect to the AV equipment by IP address (not DNS) on a different subnet. Each of the 20+ AV devices needs several ports open to it from the wireless. The open ports are the same for each device.

My problem is that I will hit the max number of rules, which I believe is 128 per IAP role. Apart from that, it's not very elegant having the same 5 or so rules repeated 20+ times for each AV device.


This brings me to my question: can I leverage the "domain name" option for the destination if the client is attempting the connection via IP?

If I was to have 5 rules as follows:
allow tcp port 80 to
allow tcp port 443 to 
allow tcp port 1000 to
allow tcp port 2000 to
allow tcp port 8080 to


and mapped to




could HTTP directly to


If I then added in DNS with would I be able to HTTP directly to


Any information on how the destination "domain name" functions would be greatly appreciated.