Hello, I want to force all DNS requests to an external server. The first step has been to change the DNS server in the DNS section and DHCP, and OK, it works.
Now if a client has a different DNS server configured, they will bypass my DNS server. How can I avoid this?
With this approach: https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/96094/how-to-force-dhcp-clients-to-use-specific-dns-adress-like-8-8-8-8
I understand that I can block other DNS servers, but what I want is not to block them but to redirect them to my local DNS server. I have been trying with DNAT rules but I can't get it to work; DNS requests still go outside without being forced to go through my DNS server.
How can I implement the behaviour I want?
I have been reading a little bit more, and it looks like Sophos is not able to capture all traffic on a port to redirect it, because you cannot have source address ANY. This is a shame; this feature is available in any other commercial firewall, and even in free firewalls like IPFire, OPNsense, pfSense, etc. you can do that.
This is another basic thing that can't be done in Sophos XG. I don't understand the roadmap of this product, and I don't understand how this can be called an enterprise-grade firewall if it can't work with basic firewall rules. In Sophos UTM it is possible; as usual, it's a more powerful firewall.
More info here:
community.sophos.com/.../how-to-replicate-utm-rule-to-redirect-dns-ntp-to-internal-server
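As an added example (not code from the thread or from Sophos), the following script checks firewall log lines for LAN clients sending DNS to anything other than the internal resolver, which is exactly the bypass the question wants to close; the key=value log format, the sample lines, the resolver address 192.168.1.10 and the LAN range 192.168.1.0/24 are all assumptions constructed for this example.

```python
import ipaddress
import re

# Assumed values (not from the thread): the internal resolver every LAN
# client is expected to use, and the LAN range subject to that policy.
INTERNAL_DNS = ipaddress.ip_address("192.168.1.10")
LAN = ipaddress.ip_network("192.168.1.0/24")

# Assumed key=value log format; values may be quoted or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample log lines for this example.
SAMPLE_LOG = """\
ts=2024-01-01T10:00:00Z src_ip=192.168.1.50 dst_ip=192.168.1.10 proto=UDP dst_port=53 action=allow
ts=2024-01-01T10:00:01Z src_ip=192.168.1.51 dst_ip=8.8.8.8 proto=UDP dst_port=53 action=allow
ts=2024-01-01T10:00:02Z src_ip=192.168.1.52 dst_ip=1.1.1.1 proto=TCP dst_port=853 action=allow
ts=2024-01-01T10:00:03Z src_ip=192.168.1.53 dst_ip=93.184.216.34 proto=TCP dst_port=443 action=allow
ts=2024-01-01T10:00:04Z src_ip=10.0.0.7 dst_ip=8.8.8.8 proto=UDP dst_port=53 action=allow
"""

# Ports that carry plain DNS (53) and DNS-over-TLS (853). DNS-over-HTTPS
# shares port 443 with ordinary web traffic and cannot be spotted by port.
DNS_PORTS = {"53", "853"}


def parse_line(line):
    """Turn one key=value log line into a dict; quotes are stripped."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def find_dns_bypass(log_text):
    """Return (src_ip, dst_ip, proto, dst_port) for every LAN client that
    sent DNS or DNS-over-TLS somewhere other than INTERNAL_DNS."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("dst_port") not in DNS_PORTS:
            continue
        src = ipaddress.ip_address(rec["src_ip"])
        dst = ipaddress.ip_address(rec["dst_ip"])
        if src in LAN and dst != INTERNAL_DNS:
            hits.append((str(src), str(dst), rec["proto"], int(rec["dst_port"])))
    return hits


if __name__ == "__main__":
    for hit in find_dns_bypass(SAMPLE_LOG):
        print("DNS bypass: %s -> %s %s/%d" % hit)
```

The host 10.0.0.7 is reported nowhere because it is outside the assumed LAN range, and the port-443 line is ignored because DNS-over-HTTPS is indistinguishable from web traffic at this layer.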