by jamilbk 683 days ago
Firezone's DNS-based routing is able to manage access to multiple services independently, even if they share the same IP address. So you could, for example, allow access to gitlab.company.com but not jira.company.com even if they were on the same web server / load balancer.

It took a couple of iterations to get it right - lots of fun edge cases involved. We ended up having to build automatic NAT64 and 46 for DNS resources to handle some of them. We wrote a post on how this works: https://www.firezone.dev/blog/how-dns-works-in-firezone

In terms of attributes for allowing access, we currently support time-based, country/region-based, auth method, and IP-based, with more planned: https://www.firezone.dev/kb/deploy/policies#conditional-acce...
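An added toy model of the per-name access control described in the comment above; this is illustrative code of my own, not Firezone's, and it assumes made-up hostnames, a constructed synthetic address pool in 100.64.0.0/10 and a simplified policy with the four condition types the comment lists:

```python
# Added toy model (not Firezone's code): two hostnames share one upstream IP,
# a resolver stub hands each DNS resource its own synthetic address, and policy
# is then evaluated per resource with time / country / auth / source-IP conditions.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed: both names really resolve to the same load balancer.
UPSTREAM = {"gitlab.company.com": "10.0.0.5", "jira.company.com": "10.0.0.5"}

@dataclass
class Policy:
    resource: str
    hours: tuple = (0, 24)                        # allowed [start, end) hour, UTC
    countries: set = field(default_factory=set)   # empty set = no restriction
    auth_methods: set = field(default_factory=set)
    source_nets: list = field(default_factory=list)

class Gateway:
    def __init__(self, policies):
        self.policies = {p.resource: p for p in policies}
        self.by_name = {}   # resource name -> synthetic address
        self.by_addr = {}   # synthetic address -> (resource name, real upstream)

    def resolve(self, name):
        """Resolver stub: answer with a per-resource synthetic address."""
        if name not in self.policies:
            return None                           # not a managed resource
        if name not in self.by_name:
            # Constructed pool: carve one address per resource out of 100.64.0.0/10.
            addr = str(ip_address("100.64.0.1") + len(self.by_name))
            self.by_name[name], self.by_addr[addr] = addr, (name, UPSTREAM[name])
        return self.by_name[name]

    def check(self, dst, hour, country, auth, src):
        """Decide a flow by the resource behind its synthetic destination."""
        if dst not in self.by_addr:
            return False, "unknown destination"
        res = self.by_addr[dst][0]
        p = self.policies[res]
        if not p.hours[0] <= hour < p.hours[1]:
            return False, f"{res}: outside allowed hours"
        if p.countries and country not in p.countries:
            return False, f"{res}: country not allowed"
        if p.auth_methods and auth not in p.auth_methods:
            return False, f"{res}: auth method not allowed"
        if p.source_nets and not any(ip_address(src) in ip_network(n) for n in p.source_nets):
            return False, f"{res}: source address not allowed"
        return True, f"{res}: allowed, forward to {self.by_addr[dst][1]}"
```

Because the verdict is keyed on the synthetic destination rather than the shared 10.0.0.5, the same client context can be allowed to gitlab and denied to jira even though both names sit behind one address.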