More info needed. Are you made rules to allow the ssl VPN address pool to reach your domain DC with the needed ports ? Can you resolve your DC FQDN address ?
I will search a good article for you. But if you want the ssl VPN address pool fully access your LAN then start with adding the LAN network to allowed networks in the SSL VPN settings and add a rule - SSL VPN POOL --> ANY --> LAN --> allow. Then add the SSL VPN pool to the DNS allowed network. If you were connected with the SSL VPN client then disconnect and connect again for the new settings to take effect. Try now and inform. Then if it is working for you , you can start to use instead of ANY only the necessary ports need for domain functionality. You can search in the web for those ports.
I will search a good article for you.
But if you want the ssl VPN address pool fully access your LAN then start with adding the LAN network to allowed networks in the SSL VPN settings and add a rule - SSL VPN POOL --> ANY --> LAN --> allow.
Then add the SSL VPN pool to the DNS allowed network.
If you were connected with the SSL VPN client then disconnect and connect again for the new settings to take effect.
Try now and inform.
Then if it is working for you , you can start to use instead of ANY only the necessary ports need for domain functionality.
You can search in the web for those ports.
All my best.
Gilipeled
sorry im not following,
do you mean new firewall rule or to add a new netowrk to the allowed network
To join an Active Directory domain you need to be able to resolve the IP addresses of the Domain Controllers. The VPN does not alter your PC's DNS servers so you'll have to change those manually before joining.
You need to make sure your VPN network adapter is the first one in the list. If you do ipconfig /all do you first see your VPN adapter or first your normal network adapter?
In the latter case, your system will almost always use your internal DNS-server because it is higher on the list.
Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Quick way to test is to do a nslookup on the AD domain from your PC. The output will tell you which server is queried for the DNS lookup.
The query should go to one of the AD domains DNS servers and should respond with the IP's of the Domain Controllers.
Could you post the output from the nslookup, or if ur concerned about security, pm me the output and I'll look it over before pasting a sanitized version in the thread.
