
DNS Management/Implementation

I have the below deployment on my environment

Devices/Servers

- Sophos XG 210 FW (assigned its own public IP [i.e. x.x.x.67])
- Switch (Cisco) - connects all the APs and servers
- 3 servers (1 web server with its own public IP [i.e. x.x.x.68])
- Unifi APs (all users connect through these)

My current implementation has the NAT rules where I have set the LAN tied to [i.e. x.x.x.67] with Google DNS and my AD internal IP {x.x.x.8}. I have also done NAT for the web server to [i.e. x.x.x.68] and set the DNS to public Google DNS and the AD internal IP {x.x.x.8}.

The issue I'm currently having is that the DNS is really unstable: some sites (hosted on the web server) are accessible while some, for some reason, cannot resolve. I end up getting a DNS error, or when some work they resolve to HTTP even though I have set HTTPS redirection.

Another issue is with some sites that can be accessed via HTTP/HTTPS (mainly web services) with the server name appended to them, i.e. myappserver.mydomain gets a DNS error, but if I access the same on, say, server3 (domain-joined) the URL resolves and I can access the web services. Now I'm forced to have the developers switch to calling these web services using the server IP. I get a DNS error when I try to access the same URL from my Windows machine (connected to the LAN via Wi-Fi).

Another issue is that Mac users keep getting an issue with RDP to the web server while on the LAN. When I try to ping the server name it doesn't resolve, but Windows users are okay.

This is a fairly new implementation in this environment, as I was on Cisco ASA before moving to Sophos to try and evaluate it.

I'm not sure what I'm missing or how I should be going about this. (Setup for the demo was done by a 3rd-party provider.) I've been going back and forth with them but haven't had much success stabilizing the DNS challenges we are currently facing.

Hello Kelvin,

You should avoid a setup like this. Use your internal DNS only and leave the second DNS empty in the clients' configuration.

Then use the internal DNS to forward DNS requests outside your network's scope to the firewall, which forwards them to your ISP's DNS systems or to Google DNS.

That is the best practice.

Additionally, have a look here: support.sophos.com/.../KB-000038157

With kind regards, best regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

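A worked version of the advice above for a Windows AD DNS server and a domain-joined client, added here as an example and not part of the thread or of any Sophos documentation. The 192.0.2.x addresses are placeholders (the firewall's LAN IP is not given in the thread, and x.x.x.8 stands in for the AD server), and `Wi-Fi` is an assumed adapter alias.

```powershell
# Added example: clients use the internal AD DNS server only, and that server
# forwards everything outside its own zones to the firewall, which forwards on
# to the ISP or Google. Placeholder addresses below; replace with your own.
$InternalDns   = '192.0.2.8'              # placeholder: AD DNS server (x.x.x.8 in the thread)
$FirewallLanIp = '192.0.2.1'              # placeholder: XG LAN interface (not given in the thread)
$InternalHost  = 'myappserver.mydomain'   # name from the thread that failed from Wi-Fi clients

# --- On the AD DNS server (DnsServer module, run as Administrator) ---
# Replace any public forwarders (e.g. 8.8.8.8) with the firewall's LAN address.
Set-DnsServerForwarder -IPAddress $FirewallLanIp -UseRootHint $false
Get-DnsServerForwarder | Select-Object -ExpandProperty IPAddress

# --- On a Windows client (run as Administrator) ---
# List adapters that still carry a public resolver next to the internal one.
# A public resolver cannot answer for internal names, so a client that happens
# to ask it gets NXDOMAIN; that is what makes the failures look intermittent.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses -contains '8.8.8.8' } |
    Select-Object InterfaceAlias, ServerAddresses

# Point the Wi-Fi adapter at the internal DNS only; no secondary entry.
Set-DnsClientServerAddress -InterfaceAlias 'Wi-Fi' -ServerAddresses $InternalDns

# --- Verification: internal and external names both resolve via the one server ---
Resolve-DnsName -Name $InternalHost    -Server $InternalDns -DnsOnly -ErrorAction Stop
Resolve-DnsName -Name 'www.sophos.com' -Server $InternalDns -DnsOnly -ErrorAction Stop

# Control check: asking the public resolver for the internal name should fail.
Resolve-DnsName -Name $InternalHost -Server '8.8.8.8' -DnsOnly -ErrorAction SilentlyContinue
```

If DHCP hands out the resolver list to the Wi-Fi clients, make the same change in that scope rather than per machine; on the Mac clients from the thread, `scutil --dns` shows which resolvers are actually in use.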