Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 43 subscribers
  • Views 2816 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS Resolution Issues with Sophos Connect

Christian Garcia N

Recently, I had a problem with a client and their VPN. I noticed that when connecting to the VPN using Sophos Connect, all the DNS requests I make are resolved by the XG. In other words, when I run an nslookup google.com while connected to the VPN, the XG will be the one to tell me who google.com is.

Is it normal for all DNS requests to be resolved by the XG and not by the DNS server configured on the Windows Ethernet network card?

The problem with routing all DNS requests through the VPN is that it increases latency for certain applications they use.

Is there a way to connect to the VPN and have DNS requests resolved by the DNS server configured on the Windows network card (for example, their router) instead of the XG?

Thanks!!



This thread was automatically locked due to age.
Parents
  • 0

    Hi Christian,

    If you’re using SSL VPN, please follow these steps:

    Check the Tunnel Access settings, If the Use as Default Gateway option is turned on, please turn it off, Download the configuration file again, and verify.

    If this solves the issue and you want to use is option "Use as Default Gateway" go to SSL VPN global settings, Specify the DNS settings, enable it again, and Download the configuration file again.

  • 0 in reply to Abdelhamed Kasem

    Good morning.

    I have the Default Gateway turned off.

    Upon checking, I realized that if DNS servers are configured in the SSL VPN global settings, then all DNS queries are made against the firewall when the VPN is connected. If no DNS servers are configured in that section, the DNS requests are made directly from the device's Ethernet.

    Still, I don't know if there is a way to establish an order so that the Windows Ethernet connection resolves the DNS first and not through the Sophos network adapter.

  • +1 in reply to Christian Garcia N

    Hi  Instead of VPN it is more of System OS-side logic that uses InterfaceMetric and based on that forwards traffic over that Interface when multiple interfaces are available with DNS server settings. 

    Lowe the value of InterfaceMetric higher the precedence. 

    Powershell command to confirm the same:

    >Get-NetIPInterface

    So you may set InterfaceMetric low compared to other interfaces for the LAN interface if you want your DNS traffic must get prioritized over the LAN interface! 

    An example of such an old thread discussion where the scenario was reversed and DNS traffic was getting routed to the LAN adapter in place of VPN due to InterfaceMetric being set to 1 for the LAN adapter.

    community.sophos.com/.../531888

    Hope these settings and information will help to address the query!

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

Reply
  • +1 in reply to Christian Garcia N

    Hi  Instead of VPN it is more of System OS-side logic that uses InterfaceMetric and based on that forwards traffic over that Interface when multiple interfaces are available with DNS server settings. 

    Lowe the value of InterfaceMetric higher the precedence. 

    Powershell command to confirm the same:

    >Get-NetIPInterface

    So you may set InterfaceMetric low compared to other interfaces for the LAN interface if you want your DNS traffic must get prioritized over the LAN interface! 

    An example of such an old thread discussion where the scenario was reversed and DNS traffic was getting routed to the LAN adapter in place of VPN due to InterfaceMetric being set to 1 for the LAN adapter.

    community.sophos.com/.../531888

    Hope these settings and information will help to address the query!

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

Children
Unfiltered HTML