(all Domains and IPs are faked)
Our Setup on one of our branches:
UTM 9 SG105-box
small Network with 3 Computers (Win7 PCs)
Internet access: Firewall -> cable modem
There is a VPN tunnel to our datacenter where all our servers are hosted.
Win domain controllers are also in the datacenter; the Win computers are domain-joined.
Internally we use domains like da02.dolphin.ch (Win domain) and internal.ch, which also exist on the Internet.
dolphin.ch is also one of our domains on the Internet. We use internal.ch only to resolve internal servers.
The PCs use our internal DNS servers in the datacenter (10.144.1.109 and 108) as DNS servers, but we also entered these as ext. resolvers in the UTM 9.
Now the Problem:
The PCs want to reach certain websites/services in the datacenter over http:80,
for example monitoring.internal.ch and citrixfarm.dolphin.ch.
If we ping these hosts, we get the correct internal IPs from the datacenter (through the VPN tunnel), resolved by our internal DNS servers (result: 10.144.1.104 and 10.144.1.211).
If we want to access the associated URLs (http:80), UTM 9 also leaves the resolvers aside, resolves with whatever and gives us back a destination on the Internet.
We tried to exclude the 2 domains internal.ch and dolphin.ch in the Webfilter, with no better result. The Webfilter still looks 'outside' on the Internet for it...
We never reach the services in the datacenter... and that blocks so many things.
All other services not based on http go seamlessly through the VPN tunnel to the datacenter; all works fine.
How can we prevent the Webfilter (without turning it off =;-)) from resolving URLs to the WAN-Internet and not using the resolvers which we have configured?
Thanks for 'resolving' =;-)