Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: Sophos Connect Client DNS Issue upon connecting to multiple VPN

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Note: Thank you  for sharing the work around


This recommended read addresses the issue concerning NCL-1383: “DNS is appended upon connecting to multiple Sophos Firewalls using Sophos Connect Client.


Upon disconnecting from the first VPN and connecting to another Server, the DNS of the 2nd firewall is appended instead of being replaced, thus causing an issue.

Reproduction Test

To further explain, kindly see the test done.

Step 1. Configure IPsec remote Access on two different Sophos Firewalls and test on a single device.

Step 2. Configure DNS for both firewalls.

FW 1


Step 3. Connect the Client to FW1.

The Tap adapter output of the Windows Client Machine had no issue upon getting the correct DNS

Step4. Disconnect on FW1 and connect to FW2.

*The DNS of the FW2 is appended instead of replacing the DNS entry from the FW1 and, as a result, causing a DNS issue.


Sophos Connect client appends DNS addresses instead of replacing them

Solution & Workaround

The Issue has been forwarded to the Sophos DEV team, and the fix will be included in Sophos Connect 2.3 with ID NCL-1383.

For the workaround, a special thanks to our community User “K-M” for sharing the script below:

 Sophos Connect client appends DNS addresses instead of replacing them 

To apply this, kindly follow the steps below:

  1. Open Windows Powershell in Administrator mode

2. Paste or type the script. 

Alternative solutions

  • Release via GPO a script to change the DNS Addresses
  • Redeploy the VPN connection, having users get it via the user portal.
  • Manually edit DNS entries.

Updated Cause
[edited by: Erick Jan at 12:16 AM (GMT -7) on 3 Nov 2023]