WatchGuard VPN Firebox SSL DNS and Domain Issues

Some users using WatchGuard VPN Firebox SSL sometimes have DNS and no established connection to the domain but with reports, it sometimes fixes itself over time. We see this happening off and on. Has anyone seen this issue and what would cause this? Also, is there a fix?

Do an nslookup and see which DNS server is used. If it’s not the DNS server you set via SSLVPN, it might be the wired NIC’s DNS.

I’ve had to set the vpn interface metrics to 1 in the past

We had a similar issue, and I’ve heard that this is a known issue right now. One office was denying DNS for some, but not all, traffic. We had to set up a First-Run rule to allow all outbound DNS traffic, and then that cleared up the issue. It’s not an ideal fix, but it’s working right now. Only happened on one of our Fireboxes, so it was even more bizarre.

This. I usually start nslookup from cmd. It tells you what DNS server it uses to resolve. If it’s not the one you want then the interface metric is not right. You want the VPN interface to have the lowest metric. Start PowerShell and enter: Get-NetIPInterface

You can change the interface metric with: Set-NetIPInterface -InterfaceIndex <Number> -InterfaceMetric <Metric>

Number is the same interface number that Get-NetIPInterface shows for your VPN interface. It could be something like 5 or 1.

Now if you start nslookup again you should have your network DNS server as resolver.
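The metric check described above, written out as a script (an added example, not from any post in this thread). It assumes the SSL VPN adapter's alias contains "WatchGuard"; substitute whatever Get-NetIPInterface shows on your machine, and run it from an elevated prompt if you use -Fix.

```powershell
# Added example: list connected IPv4 interfaces with metric and DNS servers,
# then check whether the VPN adapter has the lowest metric (so its DNS wins).
param(
    [string]$VpnAlias = 'WatchGuard',   # assumed substring of the VPN adapter alias
    [switch]$Fix                         # set the VPN metric to 1 when it is not lowest
)

# Interfaces sorted so the one Windows will prefer for DNS comes first.
$ifaces = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.ConnectionState -eq 'Connected' } |
    Sort-Object InterfaceMetric

foreach ($i in $ifaces) {
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $i.InterfaceIndex -AddressFamily IPv4).ServerAddresses
    '{0,-4} {1,-30} metric={2,-5} dns={3}' -f $i.InterfaceIndex, $i.InterfaceAlias, $i.InterfaceMetric, ($dns -join ',')
}

$vpn = $ifaces | Where-Object { $_.InterfaceAlias -like "*$VpnAlias*" } | Select-Object -First 1
if (-not $vpn) { Write-Warning "No connected interface matching '$VpnAlias'"; return }

$lowest = $ifaces[0]
if ($vpn.InterfaceIndex -eq $lowest.InterfaceIndex) {
    "OK: $($vpn.InterfaceAlias) has the lowest metric ($($vpn.InterfaceMetric)); its DNS servers are preferred."
} else {
    Write-Warning "$($vpn.InterfaceAlias) metric $($vpn.InterfaceMetric) is not lowest; $($lowest.InterfaceAlias) has $($lowest.InterfaceMetric)."
    if ($Fix) {
        # The same change the thread describes, done by index instead of typed by hand.
        Set-NetIPInterface -InterfaceIndex $vpn.InterfaceIndex -InterfaceMetric 1
        "Set metric of $($vpn.InterfaceAlias) to 1; run nslookup again to confirm the resolver."
    }
}
```

Without -Fix the script only reports, so it is safe to run first on a user's PC to see whether the wired NIC is winning before changing anything.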

We always remove DNS servers from all NICs that we find. Our Network Engineer has reminded me of a great workaround, which is to add each IP address with the corresponding names we use to the hosts file.

I’m surprised any network engineer is still saying modify the hosts file.

What settings do you have on your SSL VPN config in the General tab; routed or bridged? Are you forcing all traffic through the tunnel? What about the DNS tab, do you have your domain and DNS servers set?

Only problem I’ve ever seen with this is when a non-domain-joined PC connected to the VPN, they would have to specify the full FQDN computer.domain.tld or whatever to connect via RDP or file server etc. We are also forcing all traffic through the tunnel.