Is it possible to add domain based VPN routes instead of IPs?

Question

I want to enable APM policy that will route my company domain traffic( for e.g. site.company.com, app.company.com etc) instead of putting static IPs in the LAN address space? This way, I don't need to maintain all company public application&nbsp; IPs in the VPN settings.&nbsp;

shashe · Answer

can I have the FQDNs instead of CIDRs in the VPN tunnel scope?

lnxgeek · Answer

I haven't tried it myself, but you have the option under Client Settings to use "DNS Address Space" (I'm using v. 16.1).
&nbsp;

nikoolayy1 · Answer

You are talking about split tunnel from what I understand and split tunnel based on FQDN and not ip address (on your computer this will be seen ip routes that send specific traffic to the tunnel interface). The short answer is yes as this has been availabe in F5 APM for a long time. Look at the links below:
https://support.f5.com/csp/article/K55104964
https://support.f5.com/csp/article/K03430467
https://support.f5.com/csp/article/K49720803#link_07
&nbsp;
&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Is it possible to add domain based VPN routes instead of IPs?

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

Enriching AFM with public domain Threat Intelligence

TCL Error possibly causing TCP Resets?

domain blocking

FQDN nodes in non-default route domains

Is it possible to properly log protobuf?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS