This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to have IP's show up as hostnames in reports/logging

Hello all,

 

First time posting. I am running Sophos UTM 9 behind an Edgerouter 4. Simply using sophos as a web filter for the kids in the home as it appears to be the best product out there and a fun tool to play with. One issue i'm having is trying to get all the IP's in UTM to show as hostnames so it is easier to identify when looking at logging and reporting. I have seen a few other threads on this site but still having issues. I am running active directory with DNS but my DHCP servers are currently on the Edgerouter, not sure if that matters, but if so i can easily move those to the domain controller. I have defined my DNS server in UTM and have also setup the request routing field, adding the reverse DNS for the domain and the DNS server for the target. I'm not 100% sure i did this correctly, and also not sure what i'm supposed to do on the DNS server side to make this work (if anything?).

 

If anyone could shed some light on how to best approach getting hostnames to show up instead of IP's in sophos that would be killer. Thanks so much in advance!

 

Jeff



This thread was automatically locked due to age.
  • For an update to my own thread...

    After some reading, i figured out what i needed to do to create the reverse DNS on my windows server. Since i have multiple segments, i created a couple different reverse lookup zones. Once created i ran the nslookup > set type=ptr > 192.168.10.56 (which is a host on my network), but no luck. I waited some time for things to sync up, tried again still no luck. I also tried this same step with different IP's across the network segments, no luck. Next step, i created a new DNS A record and checked the PTR record box, which added it to the reverse DNS Zone. Again i ran the nslookup command and now it is showing me the hostname. Hopped over to sophos and now my UTM is reporting that one hostname instead of its IP address. So i'm halfway there. I was hoping the clients would add into the reverse zones without having to manually do it, but if this is what i have to do, then that is fine i guess.

    As usual, if anyone has further tips or tricks, please respond. Thanks!

     

    Jeff

  • Hi Jeff and welcome to the UTM Community!

    You might want to consult DNS best practice.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA