DNS Proxy with HTTP based VPN? (Sonicwall SRA)

We recently migrated our DNS from AWS to CF. We are looking to enable DNS Proxy for an additional layer of security instead of exposing our Sonicwall SRA VPN endpoint via an A record.

Our VPN (Sonicwall SRA SSLVPN) uses ports 80/443. The DNS A record points to a Sonicwall NSA Router that has NAT configured as such: Source: Any, Destination: N.N.N.N (Public IP), Ports: 80/443.

However, in testing, we are having issues connecting to the SRA device. Does the CF DNS proxy (orange) mask the source (host) IP, or present a different IP to our router?

Cloudflare will route all the traffic through themselves, so the traffic to your firewall will come from a Cloudflare IP, but it should still be the public IP that is in the DNS record.

What is the error you are seeing?

You cannot proxy your SonicWall VPN through Cloudflare without having Spectrum on an Enterprise subscription. The Cloudflare proxy only passes HTTP and HTTPS traffic without Spectrum. An SSL VPN is not HTTP/S traffic even though it uses the same ports and TLS.
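The first reply's point, that traffic for a proxied (orange) record arrives at the firewall from Cloudflare addresses rather than from the client, can be checked against firewall connection logs. The following is an added example, not code from the thread: the log format and the 198.51.100.10 destination are constructed, and the range list is a snapshot of Cloudflare's published IPv4 ranges that is assumed to be current.

```python
import ipaddress
from collections import Counter

# Cloudflare's published IPv4 proxy ranges (snapshot; assumption: still current.
# Refresh from https://www.cloudflare.com/ips/ before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Constructed sample of firewall connection records (hypothetical format:
# "src=<ip> dst=<ip> dport=<port>"); 198.51.100.10 stands in for the public IP.
SAMPLE_LOG = """\
src=172.68.12.7 dst=198.51.100.10 dport=443
src=203.0.113.45 dst=198.51.100.10 dport=443
src=162.158.90.3 dst=198.51.100.10 dport=80
src=not-an-ip dst=198.51.100.10 dport=443
src=192.0.2.77 dst=198.51.100.10 dport=22
"""

def via_cloudflare(addr):
    """True if addr lies inside one of the listed Cloudflare ranges."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in CLOUDFLARE_V4)

def classify(log_text, ports=(80, 443)):
    """Return (Counter of proxied/direct/malformed, list of direct source IPs)."""
    counts, direct = Counter(), []
    for line in log_text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        try:
            src, port = fields["src"], int(fields["dport"])
            proxied = via_cloudflare(src)
        except (KeyError, ValueError):
            counts["malformed"] += 1
            continue
        if port not in ports:
            continue  # only the NATed web ports are of interest here
        if proxied:
            counts["proxied"] += 1
        else:
            counts["direct"] += 1
            direct.append(src)
    return counts, direct

if __name__ == "__main__":
    counts, direct = classify(SAMPLE_LOG)
    print(dict(counts), "direct sources:", direct)
```

Any source reported as direct reached the public IP without passing through the proxy, which the NAT rule with Source: Any still permits.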
