Define an application with FQDN, IP or both

Hello,

I don’t find the information on Zscaler help poral so I’am asking here.
(About Application Access | Zscaler)
I’m wondering, for some applications, do I have to define both FQDN and IP ?

My example :
I define an application only with an FQDN (myserver.domain.local).
If a users try an RDP connection using the server IP (not the FQDN), will it work ?
Do I have to define both FQDN and IP if users can request the service both ways ?

Thank you in advance for your response !

Florian

If you want to access the application with fqdn and ip address then define the application segment with both.
Otherwise will not work.

It is only necessary to define the application by IP address if users access it by an IP address. Avoid defining applications by IP address if it’s not necessary for them to function.
For example a CIFS file share is generally only accessed by FQDN (or by shortname+domain Suffix) - so it only needs to be defined by FQDN.
Another example is SAP - SAP is generally accessible by FQDN (or by shortname+domain Suffix) - however the response from the SAP server contains its IP address in the payload for the client to make a data connection to after logon. Therefore it’s necessary to define the FQDN+IP address(es).
Keep IP address definitions to a minimum - they’re not needed, and do provide details of the internal structure of your network, which isn’t ideal. try to avoid large subnet definitions. If the application (like SAP) provides the IP in the payload, consider reconfiguring the application to provide an FQDN (or shortname) which avoids the need to define the IP in ZPA.

2 Likes

It’s clear :ok_hand:
Thank you both for your answers !