
What's the impact of DNS settings in General SSL VPN settings

Hi,

I've deployed dozens of SSL VPN clients, with DNS set to the on-premises AD LAN DNS server 10.1.1.10 in the General SSL VPN settings for all clients. Now when a client with a laptop connects to the SSL VPN, I can see that his/her default DNS resolving goes through the VPN tunnel, while traffic does not (because it is NOT set as the default gateway). I want to know: what's the impact of such a setting?

Is it wise to have DNS set up under SSL VPN for all clients? I guess this might not be best practice, because:

  • DNS queries might take longer
  • our company AD DNS is under more pressure

But this might be insignificant. What do you think? Good or bad practice?



Added TAGs
[edited by: Raphael Alganes at 2:40 AM (GMT -7) on 8 Jul 2024]
  • Hi,

    Thank you for reaching out to the community. Having DNS settings strictly depends on the requirement; it is not a mandatory config for the global SSL VPN settings.


    So, no it is not necessary to configure DNS settings specifically for SSL VPN settings. However, proper configuration of DNS settings is important for the overall functionality and security of the network on which SSL VPN is being used. DNS settings are used to map domain names to IP addresses, allowing users to access resources on the network by typing in a familiar web address. Proper DNS configuration can help ensure that users are able to securely and efficiently access resources through the SSL VPN.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Yes, indeed. But having SSL VPN clients, which do NOT use the VPN tunnel as default gateway, attached to the company DNS just for the sake of probably a few local resources being properly resolved - is this wise? I guess a better approach would be to manually enter DNS resolving in the general SSL VPN settings for those few resources which need to be resolved locally for VPN clients. Or maybe having "DNS host entries" from Network settings auto-available for SSL VPN clients... probably that's already in place... let me check...

    Nope, this does not work. So indeed the only way for the VPN client to be able to resolve local names locally is to have it use the local DNS as default. But the side effect is that the local DNS (by "local" I mean the company's) is then also used for public queries for internet browsing. Which is not what I like.
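The posture discussed in this thread (a corporate DNS server pushed to every client while the tunnel is not the default gateway) can be audited directly from the client profile. The following is an added example, not code from Sophos or from anyone in the thread; it assumes the SSL VPN client profile is OpenVPN-style text using `dhcp-option DNS`, `dhcp-option DOMAIN` and `redirect-gateway`, uses a constructed sample profile, and models "split DNS" simply as "the pushed server is only consulted for names under a pushed search domain", which is a simplification of how client resolvers actually behave.

```python
from dataclasses import dataclass, field

# Constructed sample of an OpenVPN-style SSL VPN client profile (hypothetical, not a real
# Sophos export): a corporate DNS server is pushed but no redirect-gateway, as in the thread.
SAMPLE_PROFILE = """\
dev tun
route 10.1.0.0 255.255.0.0
dhcp-option DNS 10.1.1.10
; dhcp-option DOMAIN corp.example.invalid   (commented out: no split-DNS suffix)
"""

@dataclass
class DnsPosture:
    dns_servers: list = field(default_factory=list)
    search_domains: list = field(default_factory=list)
    default_gateway_via_tunnel: bool = False

def parse_profile(text: str) -> DnsPosture:
    """Pull the DNS-relevant directives out of a client profile."""
    p = DnsPosture()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        parts = line.split()
        if parts[0] == "dhcp-option" and len(parts) >= 3:
            if parts[1].upper() == "DNS":
                p.dns_servers.append(parts[2])
            elif parts[1].upper() == "DOMAIN":
                p.search_domains.append(parts[2].lower())
        elif parts[0] == "redirect-gateway":     # tunnel becomes the default gateway
            p.default_gateway_via_tunnel = True
    return p

def classify(p: DnsPosture) -> str:
    """'dns-only-via-tunnel' is the posture the original post asks about."""
    if not p.dns_servers:
        return "no-dns-pushed"
    if p.default_gateway_via_tunnel:
        return "full-tunnel"
    return "split-dns" if p.search_domains else "dns-only-via-tunnel"

def names_sent_to_corporate_dns(p: DnsPosture, names: list) -> list:
    """All queries reach the corporate resolver unless a pushed search domain scopes it."""
    if not p.dns_servers:
        return []
    if not p.search_domains:
        return list(names)
    return [n for n in names if any(n.lower() == d or n.lower().endswith("." + d) for d in p.search_domains)]
```

Run `classify(parse_profile(SAMPLE_PROFILE))` to get `dns-only-via-tunnel`, and `names_sent_to_corporate_dns` to list which queries, public names included, the corporate resolver would see under that profile.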