This discussion has been locked.
Sophos XG - Redirect internal DNS traffic to different WAN interface

Hello,

I have an XG with two interfaces in WAN zone (because I need a gateway for both) in a data center housing scenario.

Let's call the interfaces WAN-int and WAN-ext.

WAN-ext has a public IP-address and WAN-int has a private IP-address.

When the XG tries to resolve names for its internet access (e.g. up2date or license activation) it sends its DNS requests over WAN-ext.

Unfortunately DNS is not allowed on WAN-ext by the provider. The DNS-servers I am allowed to use are only reachable over WAN-int.

So how do I tell the XG to redirect the DNS requests from WAN-ext to WAN-int?

Any ideas appreciated.

Regards

Philipp



  • Hi,

    the solution was pretty simple.

    We configured static routes for the DNS server.

    Routing -> static routes -> IPv4 unicast route:

    Target-IP = network address of DNS servers = for my example 10.0.1.0/24

    Gateway = Gateway of WAN-int = for my example 10.0.0.1

    Interface = WAN-int = for my example 10.0.0.200

    The DNS servers have to be configured in "Network -> DNS" settings.

    With this route the XG routes its own, internal DNS traffic to the correct gateway.
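
Added example, not part of the original thread and not Sophos code: a plain longest-prefix-match model of why the static route moves the firewall's own DNS queries from WAN-ext to WAN-int, plus a check that the route's gateway is on-link. The prefix 10.0.1.0/24, gateway 10.0.0.1 and interface address 10.0.0.200 come from the post; the /24 mask on WAN-int, the WAN-ext addresses and the DNS server address 10.0.1.53 are assumptions, and XG's own route precedence settings are not modelled.

```python
import ipaddress

# Constructed routing table. 10.0.1.0/24 and 10.0.0.1 come from the post; the
# /24 mask on WAN-int (which holds 10.0.0.200) and the WAN-ext addresses
# (documentation range 203.0.113.0/24) are assumptions.
BASE_ROUTES = [
    {"dest": "0.0.0.0/0", "gateway": "203.0.113.1", "iface": "WAN-ext"},
    {"dest": "203.0.113.0/24", "gateway": None, "iface": "WAN-ext"},
    {"dest": "10.0.0.0/24", "gateway": None, "iface": "WAN-int"},
]
# The static route described in the answer.
DNS_ROUTE = {"dest": "10.0.1.0/24", "gateway": "10.0.0.1", "iface": "WAN-int"}


def lookup(routes, destination):
    """Return the most specific route (longest prefix) covering destination."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in ipaddress.ip_network(r["dest"])]
    if not matches:
        return None
    return max(matches, key=lambda r: ipaddress.ip_network(r["dest"]).prefixlen)


def egress(routes, destination):
    """Name of the interface the packet would leave on, or None if unroutable."""
    route = lookup(routes, destination)
    return route["iface"] if route else None


def gateway_on_link(routes, route):
    """True if the route's gateway lies in a connected network of its interface."""
    if route["gateway"] is None:
        return True
    gw = ipaddress.ip_address(route["gateway"])
    return any(
        r["gateway"] is None
        and r["iface"] == route["iface"]
        and gw in ipaddress.ip_network(r["dest"])
        for r in routes
    )


if __name__ == "__main__":
    dns_server = "10.0.1.53"  # constructed address inside 10.0.1.0/24
    print("without static route:", egress(BASE_ROUTES, dns_server))
    print("with static route:   ", egress(BASE_ROUTES + [DNS_ROUTE], dns_server))
    print("gateway on-link:     ", gateway_on_link(BASE_ROUTES, DNS_ROUTE))
```

Only destinations inside the routed prefix change interface; everything else still follows the default route over WAN-ext.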
