DNS Resolution Issues with Sophos Connect

Hi Christian,

If you’re using SSL VPN, please follow these steps:

Check the Tunnel Access settings, If the Use as Default Gateway option is turned on, please turn it off, Download the configuration file again, and verify.

If this solves the issue and you want to use is option "Use as Default Gateway" go to SSL VPN global settings, Specify the DNS settings, enable it again, and Download the configuration file again.

Good morning.

I have the Default Gateway turned off.

Upon checking, I realized that if DNS servers are configured in the SSL VPN global settings, then all DNS queries are made against the firewall when the VPN is connected. If no DNS servers are configured in that section, the DNS requests are made directly from the device's Ethernet.

Still, I don't know if there is a way to establish an order so that the Windows Ethernet connection resolves the DNS first and not through the Sophos network adapter.

Hi Christian Garcia N Instead of VPN it is more of System OS-side logic that uses InterfaceMetric and based on that forwards traffic over that Interface when multiple interfaces are available with DNS server settings. 

Lowe the value of InterfaceMetric higher the precedence. 

Powershell command to confirm the same:

>Get-NetIPInterface

So you may set InterfaceMetric low compared to other interfaces for the LAN interface if you want your DNS traffic must get prioritized over the LAN interface! 

An example of such an old thread discussion where the scenario was reversed and DNS traffic was getting routed to the LAN adapter in place of VPN due to InterfaceMetric being set to 1 for the LAN adapter.

community.sophos.com/.../531888

Hope these settings and information will help to address the query!

Thank you very much for the contribution, changing the interface metrics may be useful to me.