RED 50 establishing Tunnel requires DNS ?

Hello,

 

I was troubleshooting a RED 50 box where the tunnel was not being established. Once the Router green LED is on, the System LED flashes red and the box retries all over again. The RED 50 box is configured to obtain a DHCP IP from the internal LAN. The issue was resolved when we added a DNS server address in the DHCP server configuration, as the latter was initially configured to distribute IP addresses without any DNS address.

My question is whether it is a requirement of the RED 50 to obtain a DNS address in order to establish the tunnel, although no DNS resolution takes place in the tunnel establishing process?

I can confirm that the RED 50 cannot access the DNS server IP address it obtained via the DHCP server, as an internal firewall blocks the RED 50 from accessing the network where the DNS server resides.

Regards,

 

Moe Shea

 



This thread was automatically locked due to age.
  • Hi and welcome to the UTM Community!

    If the 'UTM hostname' in the RED 50 Server definition is an FQDN, then, yes, the RED must be able to get name resolution.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob for the welcome and the reply

     

    I suspect that during establishing the tunnel, the RED 50 goes through a checklist which includes looking for a DNS server IP address entry, even if this DNS server is not reachable. I remember the older RED 30 boxes never required any DNS entry for tunnel establishment.

     

    Thanks again

  • The alternative is to use a fixed IP address in the RED Server definition in the UTM - then no DNS lookup is done.  I don't think that behavior has changed from the RED 10/30.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA