Sophos Firewall: Sophos Connect Client DNS Issue upon connecting to multiple VPN

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Note: Thank you for sharing the workaround.


Overview

This recommended read addresses the issue tracked as NCL-1383: “DNS is appended upon connecting to multiple Sophos Firewalls using Sophos Connect Client.”

Issue

Upon disconnecting from the first VPN and connecting to another server, the DNS server of the second firewall is appended to the adapter's DNS list instead of replacing the first firewall's entry, which causes DNS resolution problems on the client.

Reproduction Test

To illustrate, see the test performed below.

Step 1. Configure IPsec remote access on two different Sophos Firewalls and test from a single client device.

Step 2. Configure DNS for both firewalls.

FW1

FW2

Step 3. Connect the Client to FW1.

The TAP adapter output on the Windows client machine showed the correct DNS server after connecting; there was no issue at this point.

Step 4. Disconnect from FW1 and connect to FW2.

The DNS server of FW2 is appended to the list instead of replacing the DNS entry from FW1 and, as a result, causes a DNS issue.

Cause

The Sophos Connect client appends DNS addresses to the adapter's DNS server list instead of replacing them, so entries from a previously connected firewall remain after switching connections.

Solution & Workaround

The issue has been forwarded to the Sophos development team; the fix will be included in Sophos Connect 2.3 under ID NCL-1383.

For the workaround, special thanks to our community user “K-M” for sharing the script linked below:

Sophos Connect client appends DNS addresses instead of replacing them

To apply this, follow the steps below:

  1. Open Windows PowerShell as Administrator.
  2. Paste or type the script.
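Because the linked script is not reproduced on this page, here is an added example of the kind of check-and-replace a PowerShell workaround for this symptom would perform. It is not K-M's script and not Sophos code. It assumes the Sophos Connect adapter can be found by the substring "TAP" in its interface description, and the DNS address 192.0.2.10 is a placeholder for the server pushed by the firewall you are currently connected to; both must be adapted to your environment.

```powershell
# Added example (not the K-M script linked above): inspect the IPv4 DNS servers
# on the Sophos Connect TAP adapter and replace any stale entries left over from
# a previously connected firewall. Run from an elevated PowerShell session.
param(
    # Substring matched against the adapter description; "TAP" is an assumption
    # about how the Sophos Connect adapter is named on this machine.
    [string]$AdapterMatch = 'TAP',
    # DNS server(s) that the currently connected firewall should have set
    # (placeholder value; use the DNS configured on that firewall).
    [string[]]$ExpectedDns = @('192.0.2.10')
)

# Locate the active VPN adapter.
$adapter = Get-NetAdapter |
    Where-Object { $_.InterfaceDescription -like "*$AdapterMatch*" -and $_.Status -eq 'Up' } |
    Select-Object -First 1
if (-not $adapter) {
    Write-Error "No adapter matching '$AdapterMatch' is up; connect the VPN first."
    exit 1
}

# Read the DNS list the client currently holds on that adapter.
$current = (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4).ServerAddresses
Write-Host "Current IPv4 DNS on '$($adapter.Name)': $($current -join ', ')"

# The symptom described above: servers from the previous firewall are still listed
# alongside the new one. Anything not in the expected list is treated as stale.
$stale = $current | Where-Object { $_ -notin $ExpectedDns }
if ($stale) {
    Write-Host "Stale entries found: $($stale -join ', ') -> replacing with expected list"
    Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $ExpectedDns
    Clear-DnsClientCache
} else {
    Write-Host "DNS list already matches the expected servers; nothing to do."
}

# Show the resulting list so the change can be verified.
(Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4).ServerAddresses
```

Run it after each reconnect (for example `.\Fix-VpnDns.ps1 -ExpectedDns 192.0.2.10` with the second firewall's DNS address) until the fixed client version is deployed. Because the script only rewrites the DNS list on the VPN adapter, it leaves the physical adapters untouched, and the verification line at the end lets you confirm that exactly the expected servers remain.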

Alternative solutions

  • Deploy a script via GPO that corrects the DNS addresses.
  • Redeploy the VPN connection and have users retrieve it from the user portal.
  • Manually edit the DNS entries on the client.



Updated Cause
[edited by: Erick Jan at 12:16 AM (GMT -7) on 3 Nov 2023]