Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 22 replies
  • Answers 5 answers
  • Subscribers 5 subscribers
  • Views 29107 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN - Block-Outside-DNS?

TitanRob16

Hi all,

 

I just have a quick question regarding the Sophos SSL VPN within UTM 9 - does it automatically block outside DNS from being used? 

The reason I ask is because I'm setting up our Sophos VPN so we can retire our IPCop server, and on that we had to configure it to push the block-outside-dns setting, so it would then automatically obtain the DNS addresses from the VPN connection, rather than the local router. Is this something I would also need to configure with the Sophos UTM? 

 

Regards,

 

Rob



This thread was automatically locked due to age.
Parents
  • 0

    you can configure ssl-vpn to obtain dns-server adressses from vpn-connection.

    Remote-Access / Advanced there you find the options that can be configured to be pushed by dhcp to the ssl-vpn-client.

  • 0 in reply to zaphod

    Thanks, although when I go here all I can see are the Cryptographic settings, compression settings and the debug settings. None of these give an option to block outside DNS, which makes me wonder if it needs to be done with the Sophos or not. 

  • 0 in reply to TitanRob16

    you dont need to block outside dns.. dns is needed to have name resolution... so if your clients should be able to do do websurfing they need a dns server.

    if you dont give the dns-servers with your ssl-vpn-connection then clients use their own ones.. so it is sometimes impossible to use internal dns names not beeing resolved by internet dns..

     

    best practice is here to configure internal dns server / internal wins server and your internal domain name so your connected clients can use internal ressources per name as they where located internal....

     

  • 0 in reply to zaphod

    also you look wrong place:

     

Reply Children
No Data