SSLVPN Split Tunnel DNS Resolution failed

Hi,

When using SSLVPN in split-tunnel mode, DNS resolution to internal resources is not possible. A ping returns "Host not found". When I perform an nslookup, the XGS is contacted and resolves successfully.

I've also tried several VPN clients, including the Sophos native client and SecurePoint. Unfortunately, the same issue persists. The only workaround so far is manually maintaining the local HOSTS file, which I'd like to avoid.

Does anyone else have this problem or any ideas where I might have gone wrong?

Best regards!

fusi



  • Hi, can you please confirm that on the end machine the automatic metric for the LAN interface is not disabled, so that the system gives that interface precedence for DNS lookup? If the above is the situation (i.e. the automatic metric is disabled or manually set to some higher value), please set the automatic metric value or set it to 1 to give the highest ranking. This should help to fix the issue.

    Windows uses the first DNS records associated with the highest-ranking network interface, i.e. Windows machines generally send the DNS query based on the "InterfaceMetric" value of the interface. Below is the PowerShell command to confirm:

    >Get-NetIPInterface

    Lower metric = higher priority.

    For more information, please refer to the old thread below - community.sophos.com/.../528699

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
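
The check described in the reply above, as an added example that is not part of the original post: it ranks the connected IPv4 interfaces by `InterfaceMetric`, lists the DNS servers configured on each, flags interfaces whose automatic metric is disabled, and queries every server directly for one internal name. The name in `$TestName` is a placeholder and the output layout is this example's own.

```powershell
# Added example (not from the thread). Run in PowerShell on the VPN client.
# $TestName is a placeholder; substitute an internal host name of your own.
$TestName = 'intranet.example.internal'

# Connected IPv4 interfaces, lowest InterfaceMetric (highest priority) first,
# joined with the DNS servers configured on each interface.
$rows = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.ConnectionState -eq 'Connected' } |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $dns = Get-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4
        [pscustomobject]@{
            Alias           = $_.InterfaceAlias
            Index           = $_.InterfaceIndex
            Metric          = $_.InterfaceMetric
            AutomaticMetric = $_.AutomaticMetric
            # Drop empty entries (loopback and similar have no DNS servers)
            DnsServers      = @($dns.ServerAddresses | Where-Object { $_ })
        }
    }

$rows | Format-Table Alias, Index, Metric, AutomaticMetric,
    @{ Name = 'DnsServers'; Expression = { $_.DnsServers -join ', ' } } -AutoSize

# Interfaces with a hand-set metric are the case the reply asks about.
$rows | Where-Object { "$($_.AutomaticMetric)" -eq 'Disabled' } | ForEach-Object {
    Write-Warning "$($_.Alias): automatic metric disabled, metric pinned to $($_.Metric)"
}

# Query each interface's DNS servers directly to see which can resolve the name.
foreach ($row in $rows) {
    foreach ($server in $row.DnsServers) {
        $answer = Resolve-DnsName -Name $TestName -Server $server -Type A `
            -DnsOnly -ErrorAction SilentlyContinue
        $result = if ($answer) { 'resolved' } else { 'no answer' }
        '{0,-30} metric {1,-5} {2,-15} {3}' -f $row.Alias, $row.Metric, $server, $result
    }
}

# To re-enable the automatic metric on one interface (elevated prompt):
# Set-NetIPInterface -InterfaceIndex <Index> -AddressFamily IPv4 -AutomaticMetric Enabled
```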
