DNS Management/Implementation

I have the below deployment in my environment:

Devices/Servers

- Sophos XG 210 FW (Assigned its own Public IP [i.e. x.x.x.67])

- Switch (Cisco) - Connects all the APs and Servers

- 3 Servers (1 Web server with its own Public IP [i.e. x.x.x.68])

- Unifi APs (All users connect)

My current implementation has the NAT rules where I have set the LAN tied to [i.e. x.x.x.67] with Google DNS and my AD internal IP {x.x.x.8}. I have also done NAT for the Web Server to [i.e. x.x.x.68] and set the DNS to public Google DNS and AD internal IP {x.x.x.8}.

The issue I am currently having is that the DNS is really unstable: some sites (hosted on the Web Server) are accessible while some, for some reason, cannot resolve. I end up getting a DNS error, or when some work they resolve to HTTP, yet I have set HTTPS redirection.

Another issue is with some sites that can be accessed via HTTP/HTTPS (mainly web services) with the server name appended to it, i.e. myappserver.mydomain gets a DNS error, but if I access the same on, say, server3 (domain joined), the URL resolves and I can access the web services. Now I am forced to have the developers switch to calling these web services using the server IP. I get a DNS error when I try to access the same URL from my Windows machine (connected to the LAN via WiFi).

Another issue is that Mac users keep getting an issue with RDP to the Web Server while on the LAN. When I try to ping the server name it doesn't resolve, but Windows users are okay.

This is a fairly new implementation on this environment as I was on Cisco ASA before moving to Sophos to try and evaluate it. 

I am not sure what I am missing or how I should be going about this. (Setup for demo done by a 3rd-party provider.) I have been going back and forth with them but haven't had much success with stabilizing the DNS challenges we are currently facing.


