Domain Name support allows users to reference domain names in firewall rules instead of manually maintaining IP Sets / NS Groups for source and destination criteria. The feature creates and maintains IP Sets (NSX-v, NSX-T) / NS Groups (NSX-T/AWS) with the current domain-to-IP mappings on a user-defined refresh schedule. For example, with Domain Names, users can define a domain (e.g., microsoft.com) and reference it in the dFW policy. ReSTNSX will keep that IP Set / NS Group populated with the latest IPs that the domain resolves to.
Minimum Release: 3.5
Application: NSX-v, NSX-T, AWS (NS Group support only)
License: Enterprise
Privilege level: Security Engineer or higher
To create or view Domains, navigate to Operations > N&S Objects > Domains. This is a system-wide view where users can create new domains and see existing domains across all NSX Managers defined in ReSTNSX.
Add New Domain
To create a new domain, click the green plus sign in the main menu.
This action will open a new dialogue window where the domain attributes are defined.
IP Set Name: This name is used as the IP Set / NS Group name when the policy is executed on the selected NSX Managers.
Refresh Interval: How often, in minutes, the aforementioned IP Set / NS Group is updated. This interval can be set as low as 5 minutes and a maximum of 525,600 (1 year). When the interval is reached, ReSTNSX will use the system-defined DNS server(s) to resolve the domain to IP(s) and update the IP Set / NS Group.
Domains: Enter one or more domains for ReSTNSX to resolve on the supplied refresh interval.
Available To: Select one or more NSX Managers for ReSTNSX to create / maintain this IP Set / NS Group.
Once saved, the domain will show on the dashboard. To initiate the first name-to-IP resolution, click the refresh icon next to the selected domain. This will resolve the domain to IP(s) and create / update the IP Set / NS Group on each NSX Manager defined.
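The refresh cycle described above, written out as an added Python example (not ReSTNSX code): it resolves each domain, rebuilds the member list, and reports which addresses would be added to or removed from the IP Set / NS Group. The function names, the sample domains and addresses, and the choice to keep existing members when a lookup fails are assumptions made for illustration.

```python
import ipaddress
import socket

MIN_INTERVAL, MAX_INTERVAL = 5, 525_600  # minutes; limits stated above

# Constructed sample answers (documentation address ranges, not real DNS data).
SAMPLE_DNS = {"app.example.com": {"192.0.2.10", "192.0.2.11"},
              "cdn.example.com": {"198.51.100.7"}}


def system_resolve(domain):
    """Resolve a domain through the host's configured DNS servers."""
    infos = socket.getaddrinfo(domain, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def sample_resolve(domain):
    """Offline stand-in for system_resolve, backed by SAMPLE_DNS."""
    if domain not in SAMPLE_DNS:
        raise socket.gaierror(f"no answer for {domain}")
    return SAMPLE_DNS[domain]


def refresh(domains, current_members, interval_min, resolve=system_resolve):
    """Return (new_members, added, removed, failed) for one refresh cycle."""
    if not MIN_INTERVAL <= interval_min <= MAX_INTERVAL:
        raise ValueError(f"interval must be {MIN_INTERVAL}-{MAX_INTERVAL} minutes")
    resolved, failed = set(), []
    for domain in domains:
        try:
            answers = resolve(domain)
        except OSError:  # socket.gaierror is a subclass of OSError
            failed.append(domain)
            continue
        # Normalise each answer and reject anything that is not an IP literal.
        resolved.update(str(ipaddress.ip_address(a)) for a in answers)
    current = set(current_members)
    # Assumption: if any lookup failed, keep the existing members so that a
    # DNS outage does not silently shrink the set the firewall rule matches.
    new = current | resolved if failed else resolved
    return sorted(new), sorted(new - current), sorted(current - new), failed


if __name__ == "__main__":
    print(refresh(list(SAMPLE_DNS), ["192.0.2.10", "203.0.113.5"], 60, sample_resolve))
```

The added/removed lists are the part worth logging on each cycle, since they record when the set of addresses a rule permits changed and why.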