We have a number of URLs included on internet breakouts in our MX devices.
The ones which are mostly ASW hosted services, the DNS URLs generally resolve to a CNAME and then to an IP address.
The IP addresses also appears to change dynamically from time to time.
Apparetnly the MX is not able to refresh its DNS cache in order to breakout the new IP for that particular domain, therefore the traffic is sent throught the VPN.
We have seen multiple instances where a URL domain is included in the breakout, but it is going through the SDWAN. We want this domains excluded from the VPN.
Does anyone have similar issue? Was there any resolution?