
Split-DNS and RED15

We are using a RED15 in Standard/Unified Mode. It connects up with our SG 125 fine and we can access MOST things. We can access the Internet, DNS is working, able to access Shares, etc., but for some reason we can't access some servers we have set up via Split-DNS (RDS and Exchange).

I'm unable to Ping the IPs in Split-DNS whereas I can Ping other IPs on our network fine. I'm unable to use Remote Desktop to get to the servers in the Split-DNS or access anything else on them (i.e. Shares, Services). Anything (PCs/laptops/etc.) that isn't behind the RED15 is able to access everything in Split-DNS, so I don't believe we have anything set up incorrectly from that "side".

I feel like it should be something simple but I haven't been able to figure it out. I'm willing to start from scratch and take any recommendations from the Community.

I hope I've included enough information for at least a starting point.

Thank you for your time.



  • Hi Ryan and welcome to the UTM Community!

    What do you learn from doing #1 in Rulz?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you for the Reply Bob.

    As you can see in the screenshot I see the SYN entry from Remote Desktop to 192.168.10.6 (one of the Servers in Split-DNS) but that is it. The entries for 192.168.10.4 are a successful connection with Remote Desktop to a Server not in our Split-DNS.

    I do have a Firewall Rule set up that allows ANY Service from Source (RED15) to Destination (SG 125) and vice versa that I forgot to mention in my original Post.

  • So it sounds like this is a routing issue.  Show us a simple stick diagram of your topology including the devices behind the RED, the Interfaces & devices behind the UTM and representative IP addresses.  Also a picture of the Edit of the Server definition in the UTM for the RED.

    Cheers - Bob

     
  • I hope that works for a Network Diagram. As far as "Server Definition", do you mean the Interface entry, as that is what I included? If not, then I'm not sure what you are asking for.

  • Your diagram indicates that the RED is connected to the UTM via a switch instead of over the Internet - is that right?

    The Server definition is on the '[Server] Client Management' tab in 'RED Management'.

    Cheers - Bob

     
  • It is currently, yes. I just wanted to hook it up and test things before taking it to the site. At the site it will be hooked to a Business Cable modem with a switch off of it.

     

    The UTM Hostname is in an IP format but I didn't want the Public IP known.

  • "The UTM Hostname is in an IP format but I didn't want the Public IP known."

    Replace that with 192.168.10.3 (the IP of "Internal (Address)") and see if you get better mileage.  Ultimately, you will want to use the FQDN of the hostname that you assigned in accordance with The Zeroeth Rule in Rulz.

    Cheers - Bob

     
  • I had tried that during my initial troubleshooting but for good measure went back and tried both again with no luck.

  • I think you've proven that it works, so I would urge you to deploy it.  Now, you're just fighting routing problems for no gain.

    Cheers - Bob

     
  • I went ahead and put in the FQDN of the Hostname for the UTM. I also just went ahead and put the RED15 on our Cable Modem as I forgot we had a spare outside/external IP.

    I don't have time this morning to put a device on RED15 and see if the Routing issue is gone. I'll get back to you this afternoon and let you know how things went.