
DNS Setup in AD/DNS Environment Help

Can anyone tell me if I have set up the XG firewall for proper DNS resolution within a company with a local AD/DNS server and staff who utilize SSL-VPN and Outlook email remotely?

I do on occasion have issues trying to RDP through SSL-VPN to client stations, and sometimes have to grab their IP to make the connection; the name just fails to resolve. Currently under Network->DNS, I have set the IP address of our local DNS server under Static DNS->DNS1 and have some OpenDNS IPs under DNS2, DNS3. I don't have any DNS Host Entries and no DNS Routes. My SSL-VPN users do on occasion have some issues accessing shares and our email sometimes stumbles, so I'm trying to revisit these issues since we have so many more staff working remotely during this time.

Our local AD server is our main DNS, but I'm asking the experts here what they would recommend as the best, secure way to ensure I have the XG firewall configured correctly; just because everything seems to work doesn't mean it's optimal.

Thank you for your advice.



  • FormerMember, in reply to SophosStorm

    Hi,

    1.1.1.1 is a public DNS server, like 8.8.8.8; I just put it as an alternative to the internal DNS server.

    In Network -> DNS, you could also use your internal DNS server along with a public DNS server, like 192.168.111.200 and 1.1.1.1. "Obtain DNS server" is also fine, but it will only get public DNS servers.

    The DNS configuration on XG is for the DNS service on XG only. It serves DNS requests from XG itself, like firmware updates, and DNS requests sent to XG, like when LAN users use the XG LAN interface IP address as their DNS server.

    When DNS stops working for an SSL VPN user, the connectivity between the SSL VPN user and the DNS server would need to be checked further. You can use Diagnostics - Tools - Name lookup and Diagnostics - Packet Capture to test the DNS server and check the DNS traffic between the SSL VPN user and the DNS server.
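
A client-side counterpart to the Name lookup test suggested above, as an added example that is not part of the original thread or of Sophos tooling: run from a connected SSL VPN client, it asks each DNS server directly for one internal host name and reports the response code, showing which server is reachable through the tunnel and which one knows the name. The host name `pc01.corp.example` is a constructed placeholder; the two server addresses are the ones mentioned in the reply.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive query; qtype 1 = A record."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return txid, header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_reply(txid, data):
    """Return (rcode name, answer count) from a raw DNS reply."""
    if len(data) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit not set
        raise ValueError("not a reply to this query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), answers

def check(server, name, timeout=2.0):
    """Ask one server directly, bypassing the OS resolver order."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((server, 53))  # only accept replies from this server
            sock.send(packet)
            return parse_reply(txid, sock.recv(512))
        except socket.timeout:
            return "TIMEOUT", 0       # nothing came back through the tunnel
        except ValueError:
            return "BADREPLY", 0      # truncated or mismatched response
        except OSError:
            return "UNREACHABLE", 0   # no route, or port 53 refused

if __name__ == "__main__":
    # 192.168.111.200 and 1.1.1.1 are the servers named in the reply above;
    # pc01.corp.example is a constructed placeholder for an internal host.
    for server in ("192.168.111.200", "1.1.1.1"):
        rcode, answers = check(server, "pc01.corp.example")
        print(f"{server:<16} {rcode:<12} answers={answers}")
```

A `TIMEOUT` or `UNREACHABLE` result for the internal server points at routing or firewall rules for the VPN range, which is what the packet capture then confirms.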