External DNS Lookups Changing When Changing from Cisco ASA to XG

Okay, not thinking straight anymore.  After moving client to XG tonight from Cisco ASA external DNS is failing.  Their internal authoritative DNS server has private IPs for the host names, and with the ASA they'd respond to a DNS lookup as their NAT'd public IPs, and everything was happy.  I realized with the XG that the lookups now get the private IP, and mail can't come in.  DNSSTUFF test against the domain says no MX record.  Put the ASA back in line and the DNS tests pass and mail resumes.  Am I missing something stupid, or what was the ASA doing that I need to replicate?  Alternatively, is there a way to make the XG do what Sonicwall calls a loopback, where an internal host can access an internal resource by its public IP because the Sonicwall will bounce it back in to the private?  I used that a lot with Sonicwalls.



  • David,

    Accessing internal resources by public IP is possible. Create a business rule application and you will be able to access internal resources by public IP.

    For the DNS aspect, XG can act as DNS server so it replies to known A records directly. You can configure XG to forward DNS requests to other DNS servers under Network > DNS > DNS request route.

    Regards

  • Well, they have a seriously screwed-up DNS server situation, and I could find no good reason why the hosts were listed with private IPs when there was a separate .local domain inside for internal users accessing internal servers, so I changed all records to the public IPs.  Problem solved.  Your proposed solution is noted in my Sophos tech info and appreciated.
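
Added example, not part of any post in this thread: a small check for the failure described above, where records served to external resolvers carry RFC 1918 addresses and mail hosts become unreachable. The zone text, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample zone data (placeholders, not taken from the thread).
SAMPLE_ZONE = """\
example.com.       3600 IN MX 10 mail.example.com.
mail.example.com.  3600 IN A  192.168.10.25   ; private address in a public zone
www.example.com.   3600 IN A  203.0.113.10
vpn.example.com.   3600 IN A  10.1.1.5
ftp.example.com.   3600 IN CNAME www.example.com.
"""

# Explicit RFC 1918 ranges; ipaddress.is_private would also match
# documentation ranges such as 203.0.113.0/24, which is not wanted here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_records(zone_text):
    """Return (name, type, rdata_fields) from 'name ttl IN type rdata' lines."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        records.append((fields[0].lower(), fields[3].upper(), fields[4:]))
    return records


def find_private_answers(zone_text):
    """List A records with RFC 1918 addresses; mark those that are MX targets."""
    records = parse_records(zone_text)
    mx_targets = {rdata[-1].lower() for _, rtype, rdata in records if rtype == "MX"}
    findings = []
    for name, rtype, rdata in records:
        if rtype != "A":
            continue
        addr = ipaddress.ip_address(rdata[0])
        if any(addr in net for net in RFC1918):
            findings.append({"name": name, "address": str(addr),
                             "mx_target": name in mx_targets})
    return findings


if __name__ == "__main__":
    for f in find_private_answers(SAMPLE_ZONE):
        note = " (MX target: inbound mail will fail)" if f["mx_target"] else ""
        print(f"{f['name']} -> {f['address']}{note}")
```
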
