Solved

Sonicwall SSL-VPN DNS bookmarks do not seem to work

Posted on 2014-03-12
8
1,293 Views
Last Modified: 2014-05-06
Hello all,

I am running a Sonicwall SSL-VPN2000 appliance.  I have a number of bookmarks that do RDP (Both Java and Active X)

When I put the IP address of the device in the bookmark, I can connect to the end device just fine.  When I put in the DNS name into the bookmark, I can not connect.

I have looked at the DNS settings in the Sonicwall and they are correct.  When I goto the diagnostics page of the sonicwall, I can do DNS resolution, ping by DNS name, traceroute to both the name and the IP address.

Seems strange but this is what I am seeing.  Any ideas?

TIA

Tom
0
Comment
Question by:thafemann
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 8

Expert Comment

by:N-W
ID: 39925466
It's the VPN client that needs to be able to resolve the DNS, not the appliance itself.

When you connect to the VPN from a client computer, are you able to resolve DNS for the RDP server? If not, you may need to change the DNS servers given to your VPN clients.
0
 

Author Comment

by:thafemann
ID: 39925481
We are not using the VPN client.  We are using the Bookmark feature, which is a web vpn portal.  
As I shared, IP addresses work, DNS addresses do not work.  :(
0
 
LVL 8

Expert Comment

by:N-W
ID: 39925490
The web VPN portal uses the NetExtender SSL VPN client. The bookmark feature still requires the client machine to have correct DNS servers set to resolve your DNS addresses.
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 

Author Comment

by:thafemann
ID: 39925508
Ok, but isn't the appliance DNSpassed thru to the clients?  The device itself can do appropriate DNS resolution and even trace route by name. Is there another place to set DNS?
0
 
LVL 8

Expert Comment

by:N-W
ID: 39925557
Open your NetExtender client when connected to the VPN and click on the "DNS" tab. Are the correct DNS servers set?

Can you resolve the full FQDN? (i.e. "myserver.mydomain.local" instead of just "myserver")
0
 

Author Comment

by:thafemann
ID: 39926090
Thanks for replying.  I do not have the NetExtender client on my machine.  When I login to the web portal, we do not have the client install to the workstation.  We only use the web interface, no client.

Again, this all works fine when we use the IP address of the workstations we wish to RDP or SSL into.  As soon as we use a DNS name, we can not connect.

I have looked on the SSL-VPN appliance itself.  All the places that I see the DNS settings are set correctly.  

One thing I did find interesting is if I add an entry to the host resolution table on the SSL VPN appliance, and then it works!
0
 

Author Comment

by:thafemann
ID: 39926106
When I am connected to the web portal, and I am able to connect to a server via RDP, I opened a command line to see what I could ping.

I could not ping the IP address of the server that I was RDP'd into (ping is enabled and no firewal), I could not resolve by netbios name or dns name (fqdn).  

It seem that the web portal does some sort of reverse proxy to present these services to the end user without the user actually being connected to the remote network.

When I look at the management interface while I am connected, I see active users, but I see no NetExtender sessions.  I don't even have these sections turned on.
0
 
LVL 8

Accepted Solution

by:
N-W earned 500 total points
ID: 39933137
Yes, that's right. The VPN appliance does application offloading for services that are bookmarked so you don't actually have VPN access to the internal network itself.

If you would like VPN access to the network, you need to enable NetExtender and use your bookmarks through it. This way you'll be able to ping the servers and resolve both DNS/NetBIOS.
0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question