Using DNS for Automatic Site Detection
To ease first-time provisioning of clients, a site can be automatically detected during site creation. The client sends a special DNS service location query (of type SRV) to the DNS servers configured on the local network, requesting the IP address and port number of the company's VPN gateway. The local DNS server then returns the IP address and port number of the Security Gateway. During site creation, the name of the site automatically appears on the server page of the site wizard.
This DNS query:
- Is only performed during site creation, and not on every connection operation.
- Will only work if the client is within the corporate network so that the company's DNS server is reachable. If the client is on a host PC outside of the company during site creation, automatic site detection fails.
To configure automatic DNS site detection:
On the DNS server, create a record with these values:

Property | Value |
---|---|
Service | CHECKPOINT_RA_ |
Protocol | _tcp |
Port number | 443 |
Host offering this service | Name of the Security Gateway as used in the DNS record |
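
Because the client takes the gateway name and port from this DNS answer during site creation, it is worth checking that the published record says what you intend. The following is an added example, not vendor code: it audits SRV answer lines (zone-file format, as printed by `dig +noall +answer`) against the table values. It assumes the record owner name follows the usual service.protocol.domain layout, copies the service label as printed in the table, and uses a constructed domain (`corp.example`) and constructed gateway names.

```python
"""Audit SRV answers used for VPN site detection (added example)."""
from __future__ import annotations
from typing import NamedTuple

# Service, protocol and port come from the table above.
SERVICE, PROTO, PORT = "CHECKPOINT_RA_", "_tcp", 443

class Srv(NamedTuple):
    owner: str
    priority: int
    weight: int
    port: int
    target: str

def parse_srv(line: str) -> Srv | None:
    """Parse one line: owner TTL class SRV priority weight port target."""
    f = line.split()
    if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
        return None
    try:
        prio, weight, port = int(f[4]), int(f[5]), int(f[6])
    except ValueError:
        return None
    # DNS names are case-insensitive; drop the trailing root dot.
    return Srv(f[0].rstrip(".").lower(), prio, weight, port,
               f[7].rstrip(".").lower())

def audit(answer: str, domain: str, allowed_gateways: set[str]) -> list[str]:
    """Return findings; an empty list means the record matches the table."""
    owner = f"{SERVICE}.{PROTO}.{domain}".lower()
    records = [r for r in map(parse_srv, answer.splitlines())
               if r and r.owner == owner]
    if not records:
        return [f"no SRV record for {owner}"]
    findings = []
    for r in records:
        if r.port != PORT:
            findings.append(f"{r.target}: port {r.port}, expected {PORT}")
        if r.target not in allowed_gateways:
            findings.append(f"{r.target}: not an approved gateway")
    return findings

# Constructed sample answers; names and TTLs are placeholders.
GOOD = "CHECKPOINT_RA_._tcp.corp.example. 3600 IN SRV 0 0 443 vpn-gw.corp.example."
BAD = "CHECKPOINT_RA_._tcp.corp.example. 60 IN SRV 0 0 8443 gw.other.example."

if __name__ == "__main__":
    for label, ans in (("good", GOOD), ("bad", BAD)):
        print(label, audit(ans, "corp.example", {"vpn-gw.corp.example"}))
```

Run it from a host inside the corporate network against the real answer text, and again from any network segment where clients are provisioned, to confirm both see the same gateway.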