DNS over SSL VPN?

Question

Hi 
 Sorry if this has already been asked somewhere, I did have a look for an existing article. 
 We currently run an XG230 at our head office, we have roaming users who dial in via the SSL VPN client. Up until now, they have been then logging in to a single terminal server using its IP address. However, I am testing a new Win10 VDI environment where each user gets their own VM which is destroyed/recreated upon logoff. 
 Due to this, connecting via a VM's IP address is no longer a viable option. In order for users to connect to the virtual desktop environment they must use the RDS gateway. This depends on DNS working for authentication. 
 So my question is, what steps do I need to take in order to get functioning DNS over SSL VPN? 
 I have already specified my internal DNS server in the VPN configuration, however the assigned IP addresses for SSL VPN clients is entirely different from my internal LAN. Do I need do something fancy with routing so that my internal DNS IP is reachable? 
 Thanks in advance!

Ronak Sheth · Accepted Answer

Hi Ben, 
 
 You need to add your LAN IP spool or DNS IP in you Tunnel SSL VPN (Remote Access) > Your policy Name > Tunnel AccessTunnel Access > Permitted Network Resources. 
 
 second you need to have one Firewall Rule as following. 
 
 Action =Accept / Source Zone = VPN / Source Network = Any / Destination Zone = Zone in which you have DNS server / Destination Network = DNS Server Host, Service =DNS. 
 
 make sure you do not have any drop or reject firewall rule above it. 
 
 Good luck!!! 
 
 Regards, Ronak.