DNS Resolution slow using Connect 2.0 and IPSec VPN connection

We have an ongoing issue with Sophos Connect 2.0 and IPSec VPN connections where DNS resolution is extremely slow at first and sometimes never resolves itself.  For example, a user connects to the VPN and then tries to open a network drive, then gets an error as it can't find the server.  Or an app that relies on our SQL server doesn't work because it can't resolve the server address.

Sometimes the issue resolves itself after a few minutes.  But sometimes it doesn't at all and the answer is to reboot, connect to the VPN before doing anything else, wait 1 - 2 minutes, and then try to access the network resource.

DNS is set up correctly, we have no issues on prem and once the VPN "figures it out" everything works fine.  But it's that initial connect and waiting that's the issue.  Is there any way to reduce this?

Firewall is an XG310 running 19.0 firmware (happened on 18.* series also).  Clients are all Windows 10 Pro with the Connect 2.0 client and IPSec VPN.



This thread was automatically locked due to age.
  • Hi: To narrow this down and confirm more while the issue is live, you may capture a Wireshark PCAP on the end machine which is connected via Sophos Connect, a PCAP on the XG, and a PCAP on the end DNS server (if an in-house DNS server is added in the Sophos Connect settings on the XG), along with TCPDUMP and drop on port 53 over the XG. Once you have these logs, you may confirm more.

  • Is there a Security Heartbeat requirement for the firewall rule allowing DNS?

    That could be an indication.

    But I also see some issues regularly with the XG DNS Server in normal operation:

    If you nslookup towards the XG, the first lookup may time out while all following will definitely work.
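
One way to measure the first-lookup behaviour described in the replies above, as an added example that is not part of the original thread: it sends timed DNS queries straight to one server and labels the run. The function names, the 2-second timeout and the 0.5-second "slow" threshold are assumptions.

```python
import secrets
import socket
import struct
import sys
import time

def build_query(name, txid, qtype=1):
    """Encode a minimal recursive DNS query (RFC 1035); qtype 1 = A record."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # class IN

def probe(server, name, count=5, timeout=2.0, port=53):
    """Query `server` directly, one lookup at a time; latency in s, None = no answer."""
    latencies = []
    for _ in range(count):
        txid = secrets.randbits(16)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            start = time.monotonic()
            sock.sendto(build_query(name, txid), (server, port))
            latency = None
            while (left := timeout - (time.monotonic() - start)) > 0:
                sock.settimeout(left)
                try:
                    reply, _ = sock.recvfrom(4096)
                except OSError:  # timeout or ICMP unreachable
                    break
                if reply[:2] == struct.pack(">H", txid):  # ignore stray datagrams
                    latency = time.monotonic() - start
                    break
            latencies.append(latency)
    return latencies

def classify(latencies, slow=0.5):
    """Label a probe run; `slow` (seconds) is an assumed threshold."""
    ok = [l is not None and l <= slow for l in latencies]
    if all(ok):
        return "healthy"
    if not ok[0] and len(ok) > 1 and all(ok[1:]):
        return "first-lookup-delay"
    if all(l is None for l in latencies):
        return "no-answer"
    return "intermittent"

if __name__ == "__main__" and len(sys.argv) == 3:
    run = probe(sys.argv[1], sys.argv[2])  # DNS server IP, internal host name
    print(run, classify(run))
```

Run it on the client right after the tunnel comes up, once against the XG and once against the internal DNS server, and compare the labels with the port 53 captures.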
