DNS traffic from SSL VPN clients allowed any DNS server

Question

Hi all, While testing some stuff on travel, I've discovered that my SSL VPN connected client can make DNS requests to ANY dns server (home ISP router, Google public DNS etc). That's a little weird to me because my Network Protection --> Firewall --> Rules are completely exempt of DNS based rules, i rely on my UTM DNS server which forwards requests to my Home ISP router. 
 I've been under the impression that with no matching rules, traffic should be denied. Am i wrong here? Also, i've verified from a Home LAN based host via RDP, the LAN hosts have no DNS access to any other DNS server than my UTM dns server. any other attempts at UDP 53 is dropped. The live logs show Default DROP hit for such traffic, although via the SSL VPN it passes through.. Any ideas are welcome. Cheers, m.

Mokaz · Answer

Hi there, So i've sorted myself out. And to reply to your question, full tunnel configuration, no split tunnel and full DNS leak avoidance (local ISP DNS replaced with bogus information, only DNS available = UTM). It turns out the the UTM SSLVPN setup propose you per default to set the firewall rules automatically, allowing SSLVPN user/groups to any / any as rule number 1 on the FW. So of course, not any other rules were processed as all the SSLVPN clients traffic hit that rule 1st so no more rules processing. So i've simply reconfigured the SSLVPN server without the automatic rules and all the SSLVPN clients traffic is now fully regulated by my inserted rules. Also, if no match = default drop, so my assumptions were correct. Thanks, Regards, m.