We have two VLANs which are isolated from the rest of our network. They use external DNS for lookups. When the user hits a content issue, they are redirected to the firewall captive portal. However, because they use the external DNS they are pointed to the WAN IP address for the captive portal, which of course is disabled on the WAN. What I want is, when the user's DNS request goes out, to intercept it and change the IP to which it is directing the request.
We have tried the whole DNS redirect to internal DNS, but I would rather not do this as they are guest networks, and I would rather not have that traffic pointed to our internal servers. What I want is, when the DNS request is returned to the user machine and the user's device is then pointed to the external WAN IP, to change this IP to the internal IP. I know I can do this on Cisco and most mainstream FW vendors, but of course this is Sophos and it never seems to work the way you would expect or should.
Am I right in thinking the only way to do this is to use some kind of NAT rule? Which is a bit messy considering I'm not actually NAT'ting anything. Or am I missing something?
Thanks
Ed
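For readers who want to see what the rewrite described in this post actually does on the wire, here is an added example that is not part of the original thread and is not Sophos code. It implements the "DNS doctoring" idea in plain Python: a DNS response passing through the firewall is parsed, and any A record whose address equals the public WAN IP is rewritten to the firewall's guest-VLAN address before the answer is handed back to the client. Because an IPv4 RDATA field is always four bytes, the record can be patched in place without re-encoding the message. The WAN and internal addresses below are constructed placeholders from the documentation ranges, and the hostname `portal.example.com` is likewise an assumption.

```python
import struct
import ipaddress

# Constructed sample values (assumptions, not from the thread):
WAN_IP = "203.0.113.10"    # stands in for the public captive-portal address
INTERNAL_IP = "10.10.0.1"   # stands in for the firewall's address on the guest VLAN


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a DNS name starting at off.

    Handles both plain label sequences and RFC 1035 compression pointers
    (a pointer is two bytes and always terminates the name).
    """
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as a sequence of DNS labels."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def build_response(name: str, ips: list[str], txid: int = 0x1234) -> bytes:
    """Build a minimal DNS response with one question and one A record per IP.

    Used here only to construct sample traffic; the answer names use a
    compression pointer (0xC00C) back to the question name.
    """
    question = encode_name(name) + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)  # QR=1, RD/RA set
    answers = b""
    for ip in ips:
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
        answers += ipaddress.IPv4Address(ip).packed
    return header + question + answers


def rewrite_a_records(msg: bytes, match_ip: str, replace_ip: str) -> tuple[bytes, int]:
    """Rewrite every A record equal to match_ip so it answers replace_ip instead.

    Queries are passed through untouched; only responses are patched.
    Returns the (possibly modified) message and the number of records changed.
    """
    buf = bytearray(msg)
    _txid, flags, qdcount, ancount, nscount, arcount = struct.unpack_from("!HHHHHH", buf, 0)
    if not flags & 0x8000:          # QR bit clear: this is a query, leave it alone
        return bytes(buf), 0

    off = 12
    for _ in range(qdcount):        # step over the question section
        off = _skip_name(buf, off) + 4   # + QTYPE and QCLASS

    want = ipaddress.IPv4Address(match_ip).packed
    new = ipaddress.IPv4Address(replace_ip).packed
    changed = 0
    for _ in range(ancount + nscount + arcount):
        off = _skip_name(buf, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4 and bytes(buf[off:off + 4]) == want:
            buf[off:off + 4] = new  # same length, so no offsets shift
            changed += 1
        off += rdlen
    return bytes(buf), changed


def list_a_records(msg: bytes) -> list[str]:
    """Return the IPv4 addresses of all A records in a DNS message, in order."""
    _txid, _flags, qdcount, ancount, nscount, arcount = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4
    ips = []
    for _ in range(ancount + nscount + arcount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return ips


if __name__ == "__main__":
    # Constructed sample: the external resolver answers with the WAN IP plus an unrelated address.
    upstream = build_response("portal.example.com", [WAN_IP, "198.51.100.5"])
    patched, n = rewrite_a_records(upstream, WAN_IP, INTERNAL_IP)
    print(n, list_a_records(patched))
```

Only the matching record is touched; other answers, TTLs and the transaction ID are preserved, so the client sees a normal response that simply points at the firewall's VLAN address. The alternative the post mentions, a NAT rule, works at the IP layer instead: the client still receives the WAN address, and the firewall translates the destination of the resulting HTTP connection to its internal address. Both reach the same goal; the DNS approach avoids translating flows that never needed it.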