Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 56 replies
  • Answers 1 answer
  • Subscribers 12 subscribers
  • Views 379139 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[SOLVED]DNS best practice?

tbrandl

There are two ways to configure DNS:

One way:
- Allowing DNS outgoing for your internal nameservers
- internal nameservers forwarding to ISP-DNS
- ASG pointing to internal nameservers 

Another way:
- ASG forwarding to ISP-nameservers
- "request routing" on ASG for internal domain pointing to internal nameservers
- internal nameservers forwarding to ASG
 
Which way do you use? And why? Which is "officially preferred"?
Both configurations seem working good for me, we run the first alternative on our cluster, the second in branch offices without internal dns (domain dns reachable via site2site-vpn).

Thanks for your ideas!
Thomas



BAlfson's DNS Best Practice's post has been moved to it's own highlighted thread here: https://community.sophos.com/utm-firewall/f/recommended-reads/122972/dns-best-practice
[edited by: FloSupport at 11:12 AM (GMT -7) on 18 Sep 2020]
Parents
  • 0
    OK so I opened the 3 live logs before re-attempting to connect openvpn from device_A and i applied a filter on device_A's IP

     Intrusion Prevention stayed empty 
    Application Control stayed empty

    Firewall showed a dozen of green and white lines mentionning device_A, the green one also mentionned the firewall rule I created ( device_A -> ANY= Internet IPv4)
    this , initially when connecting, 
    but after the tunnel was successfully established, nothing, 
    successful pings successful tracereoutes and un-successful webpages showed no additionnal lines in the firewall logs, as if once the tunnel established, the apckets were not traveling to the UTM under the device_A's IP...
Reply
  • 0
    OK so I opened the 3 live logs before re-attempting to connect openvpn from device_A and i applied a filter on device_A's IP

     Intrusion Prevention stayed empty 
    Application Control stayed empty

    Firewall showed a dozen of green and white lines mentionning device_A, the green one also mentionned the firewall rule I created ( device_A -> ANY= Internet IPv4)
    this , initially when connecting, 
    but after the tunnel was successfully established, nothing, 
    successful pings successful tracereoutes and un-successful webpages showed no additionnal lines in the firewall logs, as if once the tunnel established, the apckets were not traveling to the UTM under the device_A's IP...
Children
No Data
Unfiltered HTML