Zonedirector over WAN
We have a ZD 1200 with latest Firmware. We want to have them on a WAN endpoint inside a DMZ network. In this DMZ network is a Webserver as captive Portal. Our Accesspoints should be somewhere outside this network - they're connected over their own WAN links.
In our Testlab we did:
- Having a DMZ network (192.168.110.0/24)
- Having a ZD1200 -> 192.168.110.200
- Having a Webserver for CP -> 192.168.110.10
- Having a static WAN IP 80.x.x.x with a static a record (zonedirector.company.de)
- having NAT rules to forward 443,12222,12223,21,pasv ftp incoming on WAN to ZD (192.168.110.200)
On the AP side we have:
- R500 with latest firmware (provided by ZD1200
- DynDNS (static ip is also available)
- Network 192.168.30.0/24
What is working?
- AP can reach ZD
- AP can join ZD
- ZD can manage (update, push profiles etc.)
- ZD Profile "Standard" without Authentication is working, a Tablet on AP-side is connecting to the AP and can surf, the Tablet is shown in ZD
- when trying to use a hotspot profile i can join the network, getting a IP from DHCP of AP-Side (192.168.30.111 as example) and then the redirect page comes up and try to bring me to the CP Page... this takes a long time and then i get a timeout that 192.168.110.200 isn't reachable (what is clear to me as the AP cannot connect to the DMZ area
The question is - how can i tell the ZD (or AP?) that he has to try the public ip of the ZD instead of the internal?
Any other ways to reach this goal are welcome