I am new to the Sophos XG115 firewall. I have followed this guide: https://community.sophos.com/kb/en-us/122769#Configuring%20advanced%20SSL%20VPN%20settings
and read about a similar problem: https://community.sophos.com/products/xg-firewall/f/network-and-routing/97774/dns-over-ssl-vpn
but I can still access local resources by IP only and can't access them using the hostname. Could anyone help? Thanks.
Not really much specific information ...
Is your DNS server reachable from the client? Not only ping but also on the DNS port. Did you check what is written in the second article?
Look in the firewall logs to figure out whether packets are dropped from the client to the DNS server and vice versa.
Hi Billy Lo1, has the DNS server IP been added to the SSL VPN configuration? Could you try to capture packets on the XG firewall from the SSL VPN user machine when you try to access the server using the URL? Please check whether the DNS requests or URL requests are coming to the firewall or not. It may be possible that when you access the URL, it will use the default ISP of the user system instead of sending traffic to the XG firewall. What DNS IP is configured in the user system?
Keyur, Community Support Engineer | Sophos Support
I can ping the DNS server IP, and the packet goes from the VPN client to the DNS server successfully.
Billy Lo1, it also depends on the request initiated by the end system when you are trying to access it via hostname. If hostname-based access at the system end is generating NetBIOS traffic, then it will not get forwarded to the SSL VPN, and the reason is that NetBIOS traffic over VPN is a feature request. Please find the existing threads on the Sophos idea portal below:
https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/31598914-vpn
https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/36942202-netbios-over-vpn
Maybe setting up a WINS server on the local network and defining that WINS server in the SSL VPN settings may help to fix this one.
Regards, Vishal Ranpariya, Technical Account Manager | Sophos Technical Support
Yes, I put my DNS server IP (e.g. 192.168.1.10) into IPv4 DNS primary on the SSL VPN settings page.
It seems to be using the default ISP DNS, but when I check the VPN client's network connection details, the DHCP server is the SSL VPN IP I set in the firewall, and DNS is 192.168.1.10.
In the SSL VPN settings, have you set the local domain name?
Each time you edit the SSL VPN configuration, you need to download the VPN client configuration from the user portal, otherwise the SSL VPN client is not updated with the latest changes. As suggested by others, make sure to fill in the domain name in the SSL VPN settings and put in the correct DNS servers. Re-download the SSL VPN client config and try again.
I just tried setting the domain name. It can connect using the hostname, but it seems to be automatically adding the post-suffix at the end of the hostname; it's not using the internal DNS at all. Anyway, it's OK. Thanks.
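
The checks suggested across this thread (DNS port rather than ping, which DNS server the client really uses, short name versus name with the domain suffix) can be run from the VPN client in one pass. The following is an added example, not part of any post above; it assumes a Windows client, reuses the 192.168.1.10 example address from the thread, and uses a placeholder host name and domain suffix that must be replaced.

```powershell
# Added example. Assumptions: Windows VPN client, tunnel already connected.
$DnsServer = '192.168.1.10'    # example DNS server IP given in the thread
$ShortName = 'fileserver'      # placeholder: an internal host name
$Suffix    = 'corp.example'    # placeholder: domain name set in the SSL VPN settings
$Fqdn      = "$ShortName.$Suffix."   # trailing dot: fully qualified, no suffix appended

# 1. What did each adapter receive? The VPN adapter should list $DnsServer
#    and, after re-downloading the client config, the domain suffix.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses
Get-DnsClient | Format-Table InterfaceAlias, ConnectionSpecificSuffix

# 2. Ping only proves ICMP is allowed. Test the DNS port itself
#    (TCP 53 here; step 3 exercises the normal UDP query path).
$tcp = Test-NetConnection -ComputerName $DnsServer -Port 53 -WarningAction SilentlyContinue
"TCP/53 to ${DnsServer}: $($tcp.TcpTestSucceeded)"

# 3. Ask the internal server directly, DNS only, so a NetBIOS or LLMNR
#    answer cannot mask a DNS failure.
function Test-Name([string]$Name, [string]$Server) {
    $p = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $p.Server = $Server }
    $via = if ($Server) { $Server } else { 'system default' }
    try {
        $ips = (Resolve-DnsName @p).IPAddress -join ', '
        "{0,-30} via {1,-15} -> {2}" -f $Name, $via, $ips
    } catch {
        "{0,-30} via {1,-15} -> FAILED: {2}" -f $Name, $via, $_.Exception.Message
    }
}
Test-Name $Fqdn      $DnsServer
Test-Name $ShortName $DnsServer

# 4. Same names through the resolver path the OS picks on its own.
#    If step 3 succeeds and this fails, queries are leaving via another
#    adapter's DNS server (for example the ISP's) instead of the tunnel.
Test-Name $Fqdn      ''
Test-Name $ShortName ''
```

If the fully qualified name resolves but the short name does not, the client has no usable DNS suffix, which is the condition the domain name field in the SSL VPN settings addresses.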