SSL VPN DNS Registration for remote workers

We use Sophos SSL VPN for our remote workers, which works great except for one issue. When they connect, they get an IP assigned to them from the "Virtual IP Pool". This does not update our internal domain DNS servers with their new IP address and, worse yet, it seems to give a different IP address each time they connect, unlike a typical DHCP server that will give the same IP address to the same client.

Most of the remote users are Windows 10 workstations, and I have played with the DNS registration settings on them trying to get them to update the DNS server, but the workstations don't seem to update the DNS server when they get reconnected no matter what settings I use.

Anything I can do to make this work better?  Not having their correct IP address registered in DNS means a lot of our automated tools for managing these workstations don't work because the only sure way to tell what IP address they are using is to look at the Sophos Admin page - Remote access list.



  • Hey Dan - welcome back!

    Take a look at a post I did earlier today.  Depending on how you have DNS configured (DNS best practice), you might be able to use one of the following:

    • Use the first trick and then manually change the IPs in your domain server.
    • Another option with quasi-fixed SSL VPN pool IPs is to create Host objects in the UTM with fixed IPs and to assign them DNS hostnames.

    Any luck with either of those or the NAT trick in the post I linked to?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA