Dynamic Domain Name Service (DDNS) is not something new from the last decade. It associates a domain name with an IP address that changes over time, so users can reach the resources behind a CPE with a dynamically assigned IP address through an easily memorized domain name instead.
In this post, I'll go through the procedure for setting up DDNS on ScreenOS in the GUI, using the NO-IP DDNS service with SSL enabled. One of ScreenOS' beauties is its GUI management.
- Go to: “Network” -> “DNS” -> “DDNS”
- Check “Config DDNS Client” and “Enable DDNS Client” and click “Apply”
- Click the “New” button to set up a DDNS service.
- Fill in the blanks as follows:
  - Server type: “dyndns”
  - Server name: “dynupdate.no-ip.com”
  - Refresh Interval: “3”
  - Minimum Update Interval: “60”
  - Clear text: “uncheck” (unchecking this option makes the DDNS update go over HTTPS)
  - Username and Password: (enter the ones you registered with at the NO-IP web site.)
  - Agent: (we can let ScreenOS fill this in itself)
  - Bind to Interface: (select the WAN interface that connects to the internet.)
  - Host Name: (the host name is the DDNS name you have registered at the NO-IP web site.)
  - Service: “dyndns”
- Click “OK” when finished.
- In this case, the update should not work and fails with the following error, because the GeoTrust cert needs to be installed.
- The Juniper web site has a guide to installing the GeoTrust cert. The following URL from the official Juniper web page describes the cert installation procedure. Ref: http://kb.juniper.net/InfoCenter/index?page=content&id=KB7380
- Download the cert: http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority_DER.cer
- Install the cert in the GUI:
  - Go to “Object” -> “Certificates”
  - Click “Browse” to select the .cer file and click “Load”
- Once it is done, your Cert page should look like this.
- Now the DDNS update via HTTPS should update successfully with the “Last-response” of “Good” at “Network” -> “DNS” -> “DDNS” page.
To verify that the DDNS name is associated with the dynamic IP address, log back into the NO-IP website; it should show a record of the firewall's WAN IP address bound to the DDNS host address.
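Why the “Clear text” box matters, as an added example that is not part of the original post or of ScreenOS: a dyndns-style update carries the account credentials in an HTTP Basic header, which is only base64-encoded, so without HTTPS anyone on the path can read them. The request layout and response tokens follow No-IP's documented update protocol; that ScreenOS sends exactly this request and maps “good” to the “Good” shown under Last-response is an assumption, and the host, account and agent values are constructed.

```python
import base64
from urllib.parse import urlencode

# Response tokens of the dyndns-style update protocol as documented by No-IP.
OK = {"good", "nochg"}                                          # record set / already current
FATAL = {"nohost", "badauth", "badagent", "!donator", "abuse"}  # fix config before retrying
RETRY = {"911"}                                                 # server-side error, back off

def build_update(host, user, password, ip, agent,
                 server="dynupdate.no-ip.com", tls=True):
    """Return (url, headers) for one update request; tls=False is the 'Clear text' case."""
    scheme = "https" if tls else "http"
    query = urlencode({"hostname": host, "myip": ip})
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "User-Agent": agent}
    return f"{scheme}://{server}/nic/update?{query}", headers

def credentials_from_header(headers):
    """What an on-path observer recovers from the header when TLS is not used."""
    _, token = headers["Authorization"].split(" ", 1)
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def classify(body):
    """Map a response body to (status, ip, action) for monitoring or alerting."""
    parts = body.strip().split()
    status = parts[0] if parts else ""
    ip = parts[1] if len(parts) > 1 else None
    if status in OK:
        return status, ip, "ok"
    if status in FATAL:
        return status, None, "fix-config"
    if status in RETRY:
        return status, None, "retry-later"
    return status, None, "unknown"

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges and example domains).
    url, hdrs = build_update("myhost.example.com", "user@example.com", "s3cret",
                             "203.0.113.10", "example-agent/1.0 admin@example.com")
    print(url)
    print("recoverable without TLS:", credentials_from_header(hdrs))
    for body in ("good 203.0.113.10\r\n", "nochg 203.0.113.10", "badauth", "911"):
        print(repr(body), "->", classify(body))
```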