This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM as DHCP & DNS 'Server'...

Hi!

We have 50x Mac/Win users in our office, accessing an internal wiki. Remote users connect to the UTM via OpenVPN client.

Internal wiki: wiki.example.com (10.2.2.20)

When VPN clients or internal clients try to reach the wiki, half the time they are reaching an external internet site that exists with the same ip address as our internal one. Therefore, sometimes the clients are using the public DNS Servers first, instead of the UTM which is configured as the primary DNS Server.

Our Sophos support company recommend configuring DHCP on the UTM to give clients only one DNS Server - the UTM.

Unfortunately, in practise, this really slows down internet browsing for clients, especially for VPN clients, understandably.

I found the DNS Best Practise guide here, but it talks about an internal DNS server:
https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/32566/solved-dns-best-practice#pi2353=2

We don't have an internal DNS Server, only the UTM itself, which is our Firewall, DHCP Server, VPN Server and Threat Management solution.

- Does this guide still apply to me?

- Is the UTM acting as an actual DNS Server, or just a forwarder of some kind?

- Would we be better served with a dedicated internal DNS Server running on a linux VM, for example? I want to keep our infrastructure as compact as possible.

Thanks for any help or suggestions!



This thread was automatically locked due to age.
Parents
  • Hallo Benjamin,

    I know that you're in Berlin, so I won't disagree with your Sophos partner.

    Yes, the guide still applies - just take the internal DNS server out of the picture.

    "... an external internet site that exists with the same ip address as our internal one." - That's confusing, did you mean, "an external internet site that exists with the same FQDN as our internal one?"

    How is 'Remote Access >> Advanced' configured?

    How are you giving Internal users internal IPs for FQDNs that are also on your public authoritative name server?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob!

    Thanks for getting back to me :)

    "... an external internet site that exists with the same ip address as our internal one." - Yep! I meant to say "an external internet site that exists with the same FQDN as our internal one"  Eg, printer1.companydomain.com will return the error page not found from our public companydomain.com website.

     

    Remote Access > Advanced has the following configuration:

    - DNS Server #1: Internal Sophos IP

    - DNS Server #2: 1.1.1.1

    - Domain name: companydomain.com


    I inherited this setup and am unfamiliar with the Sophos gear. I am thinking the UTM domain name should have been originally configured differently to the public website...

    The public website is hosted by a remote hosting partner. 

Reply
  • Hi Bob!

    Thanks for getting back to me :)

    "... an external internet site that exists with the same ip address as our internal one." - Yep! I meant to say "an external internet site that exists with the same FQDN as our internal one"  Eg, printer1.companydomain.com will return the error page not found from our public companydomain.com website.

     

    Remote Access > Advanced has the following configuration:

    - DNS Server #1: Internal Sophos IP

    - DNS Server #2: 1.1.1.1

    - Domain name: companydomain.com


    I inherited this setup and am unfamiliar with the Sophos gear. I am thinking the UTM domain name should have been originally configured differently to the public website...

    The public website is hosted by a remote hosting partner. 

Children
No Data