Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Note: Thank you K-M for sharing the workaround.
This recommended read addresses issue NCL-1383: "DNS is appended upon connecting to multiple Sophos Firewalls using Sophos Connect Client."
Upon disconnecting from the first VPN and connecting to another server, the DNS of the second firewall is appended instead of replacing the existing entry, which causes an issue.
To illustrate, see the test below.
Step 1. Configure IPsec remote access on two different Sophos Firewalls and test on a single device.
Step 2. Configure DNS for both firewalls.
Step 3. Connect the Client to FW1.
The TAP adapter output on the Windows client machine showed the correct DNS, with no issue.
Step 4. Disconnect from FW1 and connect to FW2.
The DNS of FW2 is appended instead of replacing the DNS entry from FW1, which causes a DNS issue.
Sophos Connect client appends DNS addresses instead of replacing them
Solution & Workaround
The issue has been forwarded to the Sophos DEV team, and the fix will be included in Sophos Connect 2.3 with ID NCL-1383.
For the workaround, special thanks to our community user "K-M" for sharing the script below:
To apply this, kindly follow the steps below:
1. Open Windows PowerShell in Administrator mode.
2. Paste or type the script.
- Release via GPO a script to change the DNS Addresses
- Redeploy the VPN connection, having users get it via the user portal.
- Manually edit DNS entries.
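
One way to check the adapter for appended entries and replace them after switching firewalls, as an added example (this is not K-M's script, which is not reproduced here). The adapter description pattern and the DNS address are assumptions to replace with your own values; save it as a `.ps1` file and run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example, not the community script referenced above.
param(
    # Assumption: wildcard matching the Sophos Connect TAP adapter's description;
    # confirm the real value with Get-NetAdapter.
    [string]$AdapterPattern = '*TAP*',
    # Constructed sample: DNS server(s) configured on the firewall you are connected to.
    [string[]]$ExpectedDns = @('10.20.0.1')
)

function Get-StaleDns {
    # Return addresses present on the adapter that the current firewall did not assign.
    param([string[]]$Current, [string[]]$Expected)
    @($Current | Where-Object { $_ -and ($_ -notin $Expected) })
}

$adapters = Get-NetAdapter -InterfaceDescription $AdapterPattern -ErrorAction SilentlyContinue
if (-not $adapters) {
    Write-Warning "No adapter matches '$AdapterPattern'."
    return
}

foreach ($adapter in $adapters) {
    $current = (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4).ServerAddresses
    $stale = @(Get-StaleDns -Current $current -Expected $ExpectedDns)

    if ($stale.Count -eq 0) {
        Write-Output "$($adapter.Name): DNS is clean ($($current -join ', '))"
        continue
    }

    Write-Output "$($adapter.Name): left-over DNS entries: $($stale -join ', ')"
    # Replace the whole list rather than appending to it.
    Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $ExpectedDns
    Write-Output "$($adapter.Name): DNS set to $($ExpectedDns -join ', ')"
}

# Drop cached answers that came from the previous firewall's resolver.
Clear-DnsClientCache
```

Run it after connecting to the second firewall, passing that firewall's DNS servers as `-ExpectedDns`.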
[edited by: Erick Jan at 12:16 AM (GMT -7) on 3 Nov 2023]