
DNS caching for Firewall rules? Sophos SG135 9.413-4

I've got an issue with a firewall restriction and a very dynamic host.  I have firewall rules restricting outbound SMTP traffic to a certain host, smtp.example.com.  Only SMTP traffic to that one address is allowed out, all others are blocked.

Works great, in general.

However, this destination host has an extremely low TTL (5 minutes), and the destination IP changes almost constantly.  When I create the rule, traffic flows to IP #1, everything is good, five minutes later smtp.example.com starts resolving to IP #2 and it stops allowing traffic to that destination.

I know it's a DNS issue because if I disable the restriction and allow all SMTP out, outbound traffic works fine.

Is there a reason my SG135 is holding on to this resolved IP longer than the TTL allows for, and thus breaking the rule a certain percentage of the time?  When I mouse over the DNS host object in the rule, it shows the right IP, but it's like the rule itself isn't updating frequently enough?
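As an added illustration (not code from the post or from Sophos), a small Python model of the symptom described above: a rule object that re-resolves on a fixed schedule instead of at TTL expiry, fed a constructed resolver history for smtp.example.com with constructed 192.0.2.x addresses. The fixed refresh interval is an assumption used to reproduce the lag, not documented SG behaviour.

```python
"""Toy model of a firewall rule whose "DNS host" object caches a resolved IP
for longer than the record's TTL. Added illustration, not Sophos SG code; the
fixed-interval refresh is an assumption and every address below is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Answer:
    at: int   # seconds since t=0 when the resolver returned this answer
    ip: str
    ttl: int  # record TTL in seconds


# Constructed resolver history for smtp.example.com: TTL 300 s, new IP every answer.
ANSWERS = [
    Answer(0, "192.0.2.10", 300),
    Answer(300, "192.0.2.20", 300),
    Answer(600, "192.0.2.30", 300),
    Answer(900, "192.0.2.40", 300),
]


def live_ip(t: int) -> str:
    """Address a client that resolves the name at time t will connect to."""
    return max((a for a in ANSWERS if a.at <= t), key=lambda a: a.at).ip


def rule_ip(t: int, refresh_every: int) -> str:
    """Address the rule object holds at time t when the firewall only
    re-resolves every `refresh_every` seconds (assumed behaviour)."""
    return live_ip(t - t % refresh_every)


def simulate(refresh_every: int, step: int = 60, horizon: int = 1200):
    """Attempt one SMTP connection every `step` seconds; an attempt is blocked
    when the client's freshly resolved IP differs from the rule's cached one.
    Returns (blocked_attempt_times, total_attempts)."""
    attempts = range(0, horizon, step)
    blocked = [t for t in attempts if live_ip(t) != rule_ip(t, refresh_every)]
    return blocked, len(attempts)


if __name__ == "__main__":
    # Refreshing at the TTL (300 s) never blocks; a 900 s refresh blocks half the attempts.
    for every in (300, 900):
        blocked, total = simulate(every)
        print(f"refresh every {every}s: {len(blocked)}/{total} attempts blocked")
```

Comparing the two runs shows why the hover tooltip (a fresh lookup) can be right while the rule (the cached value) is stale.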

This thread was automatically locked due to age.