Common url for internal and external access

This section describes how to make both the internal and external Internet url the same

Security considerations

An organisation may want to make their internal (Intranet / Domain) and external Internet domain urls the same. See the options below for differing domain scenarios.

Permissions checklist Permissions checklist!

To complete this step, you will need:

  • Domain Administrator access to the HelpMaster or IIS server hosting the web portal
  • HelpMaster administrative access
  • Experience or certification configuring Internet Information Services (IIS)
  • Administrator access to Microsoft 365 Admin Center or your domain registrar’s control panel
  • Administrator access to your router/firewall appliance
  • Local Administrator access to the client computer

How to make both the internal and external (Internet) url the same

Option 1 - The easy way

To make the internal (Intranet) and external (Internet) web addresses the same, first complete ALL of the steps outlined in Securing Internet access to the web portal. In the example the Internet host address would be https://support.wizbangwidgets.com by adding the sub-domain A record support to the base domain wizbangwidgets.com. This may be all that’s required as long as all users have fast Internet access from your Intranet and both external and internal http traffic speed and volume is of no concern. If you wish to divert traffic from your internal network directly to the internal machine hosting your HelpMaster web portal then proceed to option 5 Another Technique.

Option 2 - Both internal and external domains are the same

If your internal network domain is the same as your external domain, e.g. both are wizbangwidgets.com (highly NOT recommended by industry best practices) then all that is required to keep internal traffic internal, is to create an internal DNS Host (A or AAAA) type record e.g. support which will give the full url address support.wizbangwidgets.com and point it directly to the internal host IP that is hosting the web portal
Add DNS A Record

Option 3 - Internal and external domain names are completely different

If your internal (e.g. domain.local) and external domain names (e.g. wizbangwidgets.com) are completely different, as they should be according to best practice, then follow Steps 2 to 4 under Intranet / Domain only configuration

Option 4 - Internal domain is a sub-domain of the external domain

NOT RECOMMENDED. If for example your external domain name is wizbangwidgets.com and your internal AD domain name is wiz.wizbangwidgets.com this complicates configuration and makes it difficult to achieve the same internal and external domain urls. In this case the only problem free way to achieve this would be to use Group Policy to modify each machines local hosts file as outlined below under Another Technique

Option 5 - Another technique

It is also possible to achieve common internal and external urls using the following method…

  • Using Group Policy to modify each machines’s local hosts file

    1. Create a Group Policy that edits each user’s “C:\Windows\System32\drivers\etc\hosts” file with the added line
      Local Hosts File
      e.g. 10.2.2.10 support.wizbangwidgets.com
    2. Add this as a binding to your web site on the server using IIS Manager, see Step 4: Bind the FQDN to the web portal
    3. Add the address “support.wizbangwidgets.com” to your Internet Options via Group Policy as per Step 2: Adding browser trusted sites

    That should do the trick and no DNS changes need to be made internally.

See also

Intranet / Domain only configuration

External Internet Access

Configure HTTPS Strict Transport Security (HSTS)

IIS Server Configuration

Configuring web portal settings