aarango
Member Candidate
Topic Author
Posts: 158
Joined: Wed Nov 30, 2016 7:55 am

Redirect port 443 different internal IP

Thu Jun 01, 2017 8:29 am

Hi,

I have a public IP (123.45.67.89), and I have set up a rule in Firewall -> NAT:
chain=dstnat action=dst-nat to-addresses=192.168.1.101 to-ports=443 protocol=tcp in-interface=MY_INTERFACE dst-port=443 log=no
When anyone from an external IP goes to my public IP on port 443, the router redirects to 192.168.1.101, where I have an SSL website. It's okay and works fine. Now I would like to know if a second rule is possible.
If someone goes to myssl.domain.com, go to 192.168.1.101
And if someone goes to myssl2.domain.com, go to 192.168.1.102

Is it possible to filter by domain in that rule?

Thanks.
 
magchiel
Member Candidate
Posts: 131
Joined: Mon Jan 06, 2014 2:13 pm

Re: Redirect port 443 different internal IP

Thu Jun 01, 2017 10:30 am

No. The normal pattern for this use case is to set up a reverse proxy with Nginx or similar between the firewall and the various web servers.
 
aarango
Member Candidate
Topic Author
Posts: 158
Joined: Wed Nov 30, 2016 7:55 am

Re: Redirect port 443 different internal IP

Thu Jun 01, 2017 2:17 pm

> No. The normal pattern for this use case is to set up a reverse proxy with Nginx or similar between the firewall and the various web servers.

Thanks, I thought that the "content" option could do that; if not, I will set it up with nginx. Thanks!
 
magchiel
Member Candidate
Posts: 131
Joined: Mon Jan 06, 2014 2:13 pm

Re: Redirect port 443 different internal IP

Fri Jun 02, 2017 12:47 am

> Thanks, I thought that the "content" option could do that; if not, I will set it up with nginx. Thanks!

Not reliably, since the content will be encrypted, so you need a TLS endpoint to inspect it. While the initial handshake will be unencrypted and you could try to devise some packet marking based on the initial communication, you'll probably run into trouble with more advanced transfer techniques. Depending on traffic loads, a proxy could run on very low cost hardware, so IMO it just wouldn't justify the hassle of trying to make it work.
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Redirect port 443 different internal IP

Fri Jun 02, 2017 3:05 am

Content option will see hostname thanks to SNI (it's sent unencrypted), but when it happens, it's too late to redirect connection.
 
aarango
Member Candidate
Topic Author
Posts: 158
Joined: Wed Nov 30, 2016 7:55 am

Re: Redirect port 443 different internal IP

Fri Jun 02, 2017 10:18 am

Thanks both :)