Sonicwall SSL-VPN DNS bookmarks do not seem to work

Posted on 2014-03-12
Last Modified: 2014-05-06
Hello all,

I am running a Sonicwall SSL-VPN2000 appliance.  I have a number of bookmarks that do RDP (Both Java and Active X)

When I put the IP address of the device in the bookmark, I can connect to the end device just fine.  When I put in the DNS name into the bookmark, I can not connect.

I have looked at the DNS settings in the Sonicwall and they are correct.  When I goto the diagnostics page of the sonicwall, I can do DNS resolution, ping by DNS name, traceroute to both the name and the IP address.

Seems strange but this is what I am seeing.  Any ideas?


Question by:thafemann
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4

Expert Comment

ID: 39925466
It's the VPN client that needs to be able to resolve the DNS, not the appliance itself.

When you connect to the VPN from a client computer, are you able to resolve DNS for the RDP server? If not, you may need to change the DNS servers given to your VPN clients.

Author Comment

ID: 39925481
We are not using the VPN client.  We are using the Bookmark feature, which is a web vpn portal.  
As I shared, IP addresses work, DNS addresses do not work.  :(

Expert Comment

ID: 39925490
The web VPN portal uses the NetExtender SSL VPN client. The bookmark feature still requires the client machine to have correct DNS servers set to resolve your DNS addresses.
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).


Author Comment

ID: 39925508
Ok, but isn't the appliance DNSpassed thru to the clients?  The device itself can do appropriate DNS resolution and even trace route by name. Is there another place to set DNS?

Expert Comment

ID: 39925557
Open your NetExtender client when connected to the VPN and click on the "DNS" tab. Are the correct DNS servers set?

Can you resolve the full FQDN? (i.e. "myserver.mydomain.local" instead of just "myserver")

Author Comment

ID: 39926090
Thanks for replying.  I do not have the NetExtender client on my machine.  When I login to the web portal, we do not have the client install to the workstation.  We only use the web interface, no client.

Again, this all works fine when we use the IP address of the workstations we wish to RDP or SSL into.  As soon as we use a DNS name, we can not connect.

I have looked on the SSL-VPN appliance itself.  All the places that I see the DNS settings are set correctly.  

One thing I did find interesting is if I add an entry to the host resolution table on the SSL VPN appliance, and then it works!

Author Comment

ID: 39926106
When I am connected to the web portal, and I am able to connect to a server via RDP, I opened a command line to see what I could ping.

I could not ping the IP address of the server that I was RDP'd into (ping is enabled and no firewal), I could not resolve by netbios name or dns name (fqdn).  

It seem that the web portal does some sort of reverse proxy to present these services to the end user without the user actually being connected to the remote network.

When I look at the management interface while I am connected, I see active users, but I see no NetExtender sessions.  I don't even have these sections turned on.

Accepted Solution

N-W earned 500 total points
ID: 39933137
Yes, that's right. The VPN appliance does application offloading for services that are bookmarked so you don't actually have VPN access to the internal network itself.

If you would like VPN access to the network, you need to enable NetExtender and use your bookmarks through it. This way you'll be able to ping the servers and resolve both DNS/NetBIOS.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
l2tp tunnel from pc to router 14 105
Palo Alto Networks: Truly No Hit Count? 2 104
Support licences 3 31
SSG50 Firewall Rules 17 44
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
In a recent question ( here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
In an interesting question ( here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question