
Sophos XGS 116w - DNS Request Route

A customer site has a 2nd gateway that is required to access one of their vendor's systems. Our Sophos XGS has static routes in place to direct any traffic intended for the vendor network to the 2nd router. Rather than adding host entries for the vendor in the DNS config, I'm trying to set up a DNS request route that points to the vendor's DNS servers, thus future-proofing the setup against any IP address changes on the vendor's end.

Unfortunately it's not resolving the URLs. I've added the base domain to the DNS request route section and the target DNS servers, which I had set up in the hosts section.



Added TAGs
[edited by: Erick Jan at 7:39 AM (GMT -7) on 1 Oct 2024]
  • Hi, do you have any clue from tcpdump on the DNS service port as to whether the cpn.vwg domain query requests are going out via the expected gateway or not? If it is routing via the expected GW in tcpdump, are you getting a reply packet or not for the same DNS queries from DNS1 or DNS2 set by you in the host?

    If multiple WAN gateways are there, I would suggest adding an SD-WAN route for the required domain/FQDN/host to route the query for the DNS protocol via the required ISP, as it is possible the DNS query above is going out via another gateway which does not know the answer for it!

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
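
The check suggested in the reply above, as an added example that is not part of the original thread or of any Sophos tooling: a Python script that reads saved tcpdump output, pairs each query for the routed domain with its reply by client address, port and DNS ID, and reports which interface the query left on. It assumes the line layout of `tcpdump -nn -i any port 53` on Linux (tcpdump 4.99 or later); the interface names, addresses and hostnames in the sample are constructed, and the firewall's own tcpdump may print the interface column differently.

```python
import re

# Constructed sample (not captured from the poster's firewall). eth1 stands
# for the link to the 2nd router, eth2 for another WAN gateway.
SAMPLE = """\
12:00:01.000100 eth1  Out IP 10.0.0.1.40000 > 192.0.2.53.53: 4660+ A? portal.cpn.vwg. (32)
12:00:01.020300 eth1  In  IP 192.0.2.53.53 > 10.0.0.1.40000: 4660 1/0/0 A 192.0.2.80 (48)
12:00:02.000100 eth2  Out IP 198.51.100.2.40001 > 192.0.2.53.53: 4661+ A? files.cpn.vwg. (31)
12:00:03.000100 eth2  Out IP 198.51.100.2.40001 > 192.0.2.53.53: 4661+ A? files.cpn.vwg. (31)
12:00:04.000100 eth2  Out IP 198.51.100.2.40002 > 203.0.113.9.53: 4662+ A? example.com. (29)
"""

# timestamp, interface, direction, src.port > dst.port: DNS id, remainder
LINE = re.compile(
    r"^\S+\s+(?P<ifc>\S+)\s+(?P<dir>In|Out)\s+IP\s+"
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<rest>.*)$")
# A query prints as "<flags> [opts] TYPE? name."; replies have no "TYPE?".
QUERY = re.compile(r"^\S*(?: \[[^\]]*\])? \w+\? (?P<name>\S+)")


def trace(capture, domain, expected_ifc):
    """Pair queries for `domain` with replies and note the egress interface."""
    suffix = "." + domain.strip(".").lower() + "."
    queries = {}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["dport"] == "53" and m["dir"] == "Out":
            q = QUERY.match(m["rest"])
            if q and ("." + q["name"].lower()).endswith(suffix):
                # Retransmissions share the key, so each query is listed once.
                key = (m["src"], m["sport"], m["id"], m["dst"])
                queries.setdefault(key, {
                    "name": q["name"], "ifc": m["ifc"], "server": m["dst"],
                    "via_expected": m["ifc"] == expected_ifc,
                    "answered": False})
        elif m["sport"] == "53" and m["dir"] == "In":
            key = (m["dst"], m["dport"], m["id"], m["src"])
            if key in queries:
                queries[key]["answered"] = True
    return list(queries.values())


if __name__ == "__main__":
    for r in trace(SAMPLE, "cpn.vwg", "eth1"):
        print(r)
```

A query listed with `via_expected` false and `answered` false matches the case described in the reply: the request left through a gateway that cannot reach the vendor's DNS servers.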

