Priority Outbound Policy not working for certain sites

I have a cellular connection on Wan2. I have setup outbound policies to only allow certain sites to use Wan2 if Wan1 fails.

There are certain sites that don’t seem to work while others do. An example would be logmein.com doesn’t work while google.com does.

I am using domain name as destination (ex. logmein.com), from Any source, from any protocol.

I use an enforce Wan 1 at the bottom to force everything else to fail.

Appreciate any guidance.

Its very likely that all the traffic destinations logmein needs do not have associated domains registered that end in logmein.com. They will use Content delivery networks and external libraries etc.

You can prove this by running a logmein session and then looking at active connections under status to see what sessions your devices IP has.

To build on Martin’s answer: If you do a DNS lookup on (say) logmein.com you’ll get one ore more IP addresses. When you do a reverse lookup on these addresses they may not map back to the expected domain (i.e. logmein.com in this example).

If you run a Unix box (or have other tools for DNS queries) you can test this using the dig command. In this particular case

dig logmein.com

yields three IP addresses (from where I am):

logmein.com. 149 IN A 52.178.114.226
logmein.com. 149 IN A 40.71.199.117
logmein.com. 149 IN A 13.91.40.166

And a reverse lookup:

dig -x 52.178.114.226

reveals that logmein.com is running on Microsoft’s azure systems and that there is no FQDN associated with the IP address.

Thus filtering traffic on the domain name logmein.com will not work.

Cheers,

Z

1 Like

ask logmein what IPs/domains they use

https://help.logmein.com/articles/en_US/FAQ/Whitelisting-and-LogMeIn