
Architecting DNS for users with 2 SSL-VPN connections to 2 UTMs on separate sites

Hi, we have an interesting scenario. We have clients using the OpenVPN client to connect to multiple (2) client sites (both UTMs) at the same time, although once we connect we have DNS issues. All users are remote, so it's not viable to have an internal DNS server in the office, and although local host files work they are a pain to set up on everyone's machine.

As they are separate clients we don't want to connect the sites together, and I'm not sure what other options we have to fix DNS resolution for both sites when connected to both. Any suggestions would be great.

Thanks,

 



  • Depends whether the goal is to tunnel between clients or merely to have the ability to support both clients with rapid context switching.

    If the latter, then the preferred solution is to have a desktop, probably virtual, for each client, with one VPN tunnel from each of the two desktops. Virtual desktop could be at home or at your data center, but your data center is preferred. However, everything costs money and you need to stay in business.

    I have asked elsewhere in this forum how to ensure that a computer at home is secure, and if it comes into the office how to ensure it does not bring malware along for the ride. I have not had any responses.

    If your staff is working from home with VPN tunnels into client environments, you have a lot of obstacles when trying to protect them from malicious websites, malicious emails, and adjacent infected computers. Then there is the usual challenge of patch management as well. Not for the faint of heart.

  • Hi Douglas,

    We are in the process of rolling out corporate laptops to all users and we already have MDM, with AV & patching testing, so we are not massively concerned in this area.

    Ideally constant access to both environments is what is needed as required (SSL-VPN); rapid switching is what they are currently doing, and the switching every 5 minutes is impacting the project delivery.

     

    Thanks,