Background - Taxi Company Call Takers denied WAN access, open up ports and domains as needed.
The Application uses Google Maps, resolved on Call Takers work stations.
Application guy says need the following open on router:
http://maps.googleapis.com/
http://*.gstatic.com/
http://*.googleapis.com
The router is pfSense, the wild card domains are not possible.
Issue: Google domains ip's are on very short ttl, ip's change all the time. DNS server responds with a single IP at a time, with each subsequent request resulting in different IP address being returned. Not good as can result in the firewall resolving to a different IP to the client and traffic being intermittently allowed or denied.
Example: ping maps.googleapis.com several times in a row and watch the ip change.
Help please. Could Cisco do this better??
No comments:
Post a Comment