SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

VPN: Split DNS for SSL VPN Clients

Perform selective DNS forwarding via the SSL VPN tunnel for a given list of domains to the DNS servers that are pushed to the client when the VPN is established.

All other DNS lookups should be performed to the local DNS servers the client uses. Thus you would be able to look up both instead of having to choose.

36 votes

    Andreas shared this idea

    3 comments

      • Michael commented

        This feature is absolutely necessary.
        For example when you have maintenance tasks at a customer with whom you are connected via SSLVPN all day. Then you get the DNS configuration and search domain delivered by the SSLVPN client.

        Since you are still connected to your workplace and local IT infrastructure you lose the local DNS because all requests go to the remote DNS server behind the tunnel.

      • Andreas commented

        Bob, with an established sslvpn tunnel you can only resolve *remote* internal domains, not local ones.
        If you are sitting at the customer side, for example, e.g. with internal dns largeenterprise.corp and lots of customer systems you could/should resolve/access. Once the vpn tunnel is established, you won't be able to resolve any of these hosts. You have to know IP addresses to access customer systems (or even edit your local hosts file *uhh*). You can only resolve your own servers via vpn, e.g. with domain mycompany.local (and of course all public domains if the dns settings allow this).
        So it would be very nice if both local and remote *internal* domains can be resolved with established sslvpn.
