
Sophos XG - Redirect internal DNS traffic to different WAN interface

Hello,

I have an XG with two interfaces in the WAN zone (because I need a gateway for both) in a data center housing scenario.

Let's call the interfaces WAN-int and WAN-ext.

WAN-ext has a public IP-address and WAN-int has a private IP-address.

When the XG tries to resolve names for its internet access (e.g. up2date or license activation) it sends its DNS requests over WAN-ext.

Unfortunately DNS is not allowed on WAN-ext by the provider. The DNS-servers I am allowed to use are only reachable over WAN-int.

So how do I tell the XG to redirect the DNS requests from WAN-ext to WAN-int?

Any ideas appreciated.

Regards

Philipp



  • FormerMember

    Hey Philipp, Thanks for reaching out to Sophos Community.

    Just to confirm, are both of these ports configured in the WAN zone on the firewall, or is WAN-int configured as LAN?

  • Hi Devesh,

    yes, both ports are in the WAN zone.

  • Edit:

    Of course I inserted the allowed DNS server in the Network -> DNS -> Static DNS settings.

    And for more clarity: the WAN-int private IP address is in a different subnet than the DNS servers. For example:

    WAN-int: 10.0.0.200/24 - Gateway: 10.0.0.1/24 - DNS server: 10.0.1.100/24

    The different subnet should not affect the DNS traffic since I am sure the gateway knows where to route the traffic.

    But the DNS queries never reach WAN-int and thus never reach the correct gateway.

    Any ideas?

  • Hi,

    the solution was pretty simple.

    We configured static routes for the DNS server.

    Routing -> static routes -> IPv4 unicast route:

    Target-IP = network address of DNS servers = for my example 10.0.1.0/24

    Gateway = Gateway of WAN-int = for my example 10.0.0.1

    Interface = WAN-int = for my example 10.0.0.200

    The DNS servers have to be configured in the "Network -> DNS" settings.

    With this route the XG routes its own, internal DNS traffic to the correct gateway.
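To illustrate why the static route above fixes the problem, here is a small longest-prefix-match model of the XG's routing decision. It is an added example, not part of the original thread and not Sophos code: it rebuilds the routing table from the post (WAN-int 10.0.0.200/24, gateway 10.0.0.1, DNS servers in 10.0.1.0/24) and shows that without the static route the DNS server address is covered only by the default route on WAN-ext, while the /24 static route is more specific and therefore wins. The WAN-ext public addresses (203.0.113.0/24, TEST-NET-3) and the second destination 198.51.100.5 are constructed placeholders, as the thread does not give them.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    """One entry of a simplified IPv4 routing table."""
    prefix: ipaddress.IPv4Network
    gateway: str       # "0.0.0.0" marks a directly connected network
    interface: str


def select_route(routes: List[Route], dst: str) -> Optional[Route]:
    """Return the most specific route covering dst (longest-prefix match), or None."""
    dst_ip = ipaddress.ip_address(dst)
    candidates = [r for r in routes if dst_ip in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def egress_interface(routes: List[Route], dst: str) -> Optional[str]:
    """Interface a packet to dst would leave on, or None if unroutable."""
    route = select_route(routes, dst)
    return route.interface if route else None


# Constructed routing table modelled on the thread.
# WAN-ext addresses are placeholders (TEST-NET-3); the thread does not give them.
WAN_EXT_GW = "203.0.113.1"
BASE_ROUTES = [
    Route(ipaddress.ip_network("0.0.0.0/0"), WAN_EXT_GW, "WAN-ext"),       # default route
    Route(ipaddress.ip_network("203.0.113.0/24"), "0.0.0.0", "WAN-ext"),   # connected, placeholder
    Route(ipaddress.ip_network("10.0.0.0/24"), "0.0.0.0", "WAN-int"),      # connected, from the thread
]

# The IPv4 unicast static route from the thread: DNS server network via the WAN-int gateway.
STATIC_DNS_ROUTE = Route(ipaddress.ip_network("10.0.1.0/24"), "10.0.0.1", "WAN-int")

DNS_SERVER = "10.0.1.100"   # from the thread's example


def main() -> None:
    before = egress_interface(BASE_ROUTES, DNS_SERVER)
    after = egress_interface(BASE_ROUTES + [STATIC_DNS_ROUTE], DNS_SERVER)
    print(f"DNS query to {DNS_SERVER} without static route leaves via: {before}")
    print(f"DNS query to {DNS_SERVER} with static route leaves via:    {after}")
    # Other internet traffic still uses the default route on WAN-ext.
    print("198.51.100.5 leaves via:",
          egress_interface(BASE_ROUTES + [STATIC_DNS_ROUTE], "198.51.100.5"))


if __name__ == "__main__":
    main()
```

The model only captures prefix length, which is the deciding factor here; it does not model SD-WAN policy routes, which on a real XG are evaluated before the static routing table and could still override the choice.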