Is it possible to have two different DNS views on the UTM based on the IP of the client?
I'm currently setting up a WLAN on a SG230 for guest access (hotspot/ticket system).
However this SG has many other modules in use (namely firewall, web and mail protection).
The DNS is fed by the provider DNS, but there is a delegation for "*.company.com" to the internal AD DNS.
So users can lookup hosts like "fileserver.company.com", "ticket-system.company.com" and all the like.
Works well with both wired and wireless corporate users.
However I want visitors on the guest SSID *not* to have this forwarded to the internal nameserver.
So "fileserver.company.com" shall give "not found", "www.company.com" shall give the external (not the internal) IP and all the like.
How can I do this? The standard setup gives the SG as DNS for wireless guest clients in the DHCP response. With this the guests can look up the internal names and IPs (they cannot reach them due to the firewall, but this causes lengthy timeouts).
A "cheap" way might be to assign a public DNS (i.e. 8.8.8.8) to the guests. However this not only "looks cheap", it might also cause problems with looking up the hotspot page, "passthrough.fw-notify.net" and all the like.
With bind9 it's pretty simple to have different DNS views based upon the IP of the client with some ACLs.
How is this usually done with the Sophos UTM? Am I missing something?
Thanks in advance.
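The bind9 approach mentioned in the question (views selected by client source address via ACLs), written out as an added example. This is not configuration from the original post, from Sophos, or from the UTM itself; it is a stand-alone named.conf fragment plus a minimal external zone file. All addresses are assumed: 10.0.0.0/16 for corporate clients, 10.200.0.0/24 for the guest WLAN, 10.0.0.10 and 10.0.0.11 for the internal AD DNS, 203.0.113.53/54 for the provider resolvers, and 198.51.100.x for the public records. "company.com" is the domain from the post.

```conf
// ---- /etc/bind/named.conf (added example, not the page's own config) ----
// Split DNS by client source address. Once any view is defined, every zone
// must live inside a view; bind refuses zone statements outside views.

acl corp  { 10.0.0.0/16; localhost; };   // assumed corporate LANs
acl guest { 10.200.0.0/24; };            // assumed guest WLAN

options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { corp; guest; };
    allow-recursion { corp; guest; };
};

// Corporate clients: company.com is forwarded to the internal AD DNS,
// everything else goes to the provider resolvers.
view "internal" {
    match-clients { corp; };
    recursion yes;
    forwarders { 203.0.113.53; 203.0.113.54; };   // assumed provider DNS

    zone "company.com" {
        type forward;
        forward only;
        forwarders { 10.0.0.10; 10.0.0.11; };      // assumed internal AD DNS
    };
};

// Guest clients: company.com is answered authoritatively from a small
// public-facing zone. Names missing from that zone (fileserver, ticket-system)
// get NXDOMAIN immediately instead of timing out against the firewall.
// Recursion stays on so the hotspot landing page and passthrough.fw-notify.net
// still resolve through the provider resolvers.
view "guest" {
    match-clients { guest; };
    recursion yes;
    forwarders { 203.0.113.53; 203.0.113.54; };

    zone "company.com" {
        type master;
        file "/etc/bind/db.company.com.external";
    };
};

// ---- /etc/bind/db.company.com.external (separate file, zone-file syntax) ----
// $TTL 3600
// @    IN SOA ns1.company.com. hostmaster.company.com. ( 2024010101 3600 900 604800 300 )
//      IN NS  ns1.company.com.
// ns1  IN A   198.51.100.1     ; assumed public address
// www  IN A   198.51.100.10    ; external IP, not the internal one
```

Order matters: bind evaluates views top to bottom and a client is served by the first view whose match-clients it satisfies, so put the most specific ACL first if the guest range ever overlaps a corporate range. To check the split, run `dig @<server> fileserver.company.com` from a guest address and expect status NXDOMAIN, then the same from a corporate address and expect the internal record; `dig passthrough.fw-notify.net` from the guest side must still return an answer, otherwise the hotspot redirect breaks.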