So I have this DHCP
VLANS all like this
and DNS like this
From any computer in VLAN 100 I can ping another computer in VLAN100 like this
But, if I try to ping a server (by name and not IP) that is on a different vlan (vlan200) it can't resolve the name.
I.e. how can I get the DNS to work across the VLANS....
Note: I have added a record to the 'DNS Host Entry' section to link the name to the IP and that did nothing so I removed it again.....
As Dirk Kotte already wrote: you need FQDN for this to work. NetBIOS names won't work.
FQDN = cws-server-01.domain.internal (with "domain.internal" being your internal domain suffix)…
You need to add the entries to the DNS host and change your DNS servers on your DHCP server to be the network address of your VLAN in each case.
I forgot, you will also need a lan, any lan any allow all rule.
XG115W - v19.0.1 mr-1 - Home
1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.
If a post solves your question please use the 'Verify Answer' button.
I changed the DHCP on each of the VLANS by unticking that box and putting just a DNS server in so i.e. 192.168.100.1 and then added the record back into the 'DNS Host Entry' but still no luck.....
What is this firewall rule? I have the following
Change the dns entry to use reverse lookup. Your firewall rule should work and needs to be at the top of your rule list. Then check logviewer to see which rule the traffic is hitting.
I changed to reverse dns as suggested and added that rule fairly high up. First one for that VLAN.
Still can't ping but using cmd on windows to 'ping cws-server-01'..... can't resolve the name.
I have these errors in log -- and ones with port 137
Note: port 4 is the physical port the vlans are on
That error is a fail to get a response from the DHCP server, I see multiple of them even after the requesting device has received an IP address, so check to see if the device has an IP address and if so you can ignore them. The firewall will not pass 137 from memory.
Try the nslookup for the server, you might need to do the action two or three times while the XG updates its tables.
Are the entries in the networks the IP address or the network range for each VLAN?
If you wish to have Sophos XG as your DNS-Server, you must allow DNS for these zones within device-access.
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner, Sophos Solution Partner since 2003
Sorry I don't understand. What do you mean?
I think Dirkkotte means by device access is the following: https://soph.so/WDqCeh
Administration>Device Access on XG FW
Erick Jan, Community Support Engineer | Sophos Technical Support
Ahh yeah I have those ticked for LAN and WiFi.
The name lookup on the XGS works, but still doesn't work on the computers on the actual network.
What do you mean "Are the entries in the networks the IP address or the network range for each VLAN?" ??