?
Solved

Sonicwall SSL-VPN DNS bookmarks do not seem to work

Posted on 2014-03-12
8
Medium Priority
?
1,409 Views
Last Modified: 2014-05-06
Hello all,

I am running a Sonicwall SSL-VPN2000 appliance.  I have a number of bookmarks that do RDP (Both Java and Active X)

When I put the IP address of the device in the bookmark, I can connect to the end device just fine.  When I put in the DNS name into the bookmark, I can not connect.

I have looked at the DNS settings in the Sonicwall and they are correct.  When I goto the diagnostics page of the sonicwall, I can do DNS resolution, ping by DNS name, traceroute to both the name and the IP address.

Seems strange but this is what I am seeing.  Any ideas?

TIA

Tom
0
Comment
Question by:thafemann
  • 4
  • 4
8 Comments
 
LVL 8

Expert Comment

by:N-W
ID: 39925466
It's the VPN client that needs to be able to resolve the DNS, not the appliance itself.

When you connect to the VPN from a client computer, are you able to resolve DNS for the RDP server? If not, you may need to change the DNS servers given to your VPN clients.
0
 

Author Comment

by:thafemann
ID: 39925481
We are not using the VPN client.  We are using the Bookmark feature, which is a web vpn portal.  
As I shared, IP addresses work, DNS addresses do not work.  :(
0
 
LVL 8

Expert Comment

by:N-W
ID: 39925490
The web VPN portal uses the NetExtender SSL VPN client. The bookmark feature still requires the client machine to have correct DNS servers set to resolve your DNS addresses.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:thafemann
ID: 39925508
Ok, but isn't the appliance DNSpassed thru to the clients?  The device itself can do appropriate DNS resolution and even trace route by name. Is there another place to set DNS?
0
 
LVL 8

Expert Comment

by:N-W
ID: 39925557
Open your NetExtender client when connected to the VPN and click on the "DNS" tab. Are the correct DNS servers set?

Can you resolve the full FQDN? (i.e. "myserver.mydomain.local" instead of just "myserver")
0
 

Author Comment

by:thafemann
ID: 39926090
Thanks for replying.  I do not have the NetExtender client on my machine.  When I login to the web portal, we do not have the client install to the workstation.  We only use the web interface, no client.

Again, this all works fine when we use the IP address of the workstations we wish to RDP or SSL into.  As soon as we use a DNS name, we can not connect.

I have looked on the SSL-VPN appliance itself.  All the places that I see the DNS settings are set correctly.  

One thing I did find interesting is if I add an entry to the host resolution table on the SSL VPN appliance, and then it works!
0
 

Author Comment

by:thafemann
ID: 39926106
When I am connected to the web portal, and I am able to connect to a server via RDP, I opened a command line to see what I could ping.

I could not ping the IP address of the server that I was RDP'd into (ping is enabled and no firewal), I could not resolve by netbios name or dns name (fqdn).  

It seem that the web portal does some sort of reverse proxy to present these services to the end user without the user actually being connected to the remote network.

When I look at the management interface while I am connected, I see active users, but I see no NetExtender sessions.  I don't even have these sections turned on.
0
 
LVL 8

Accepted Solution

by:
N-W earned 1000 total points
ID: 39933137
Yes, that's right. The VPN appliance does application offloading for services that are bookmarked so you don't actually have VPN access to the internal network itself.

If you would like VPN access to the network, you need to enable NetExtender and use your bookmarks through it. This way you'll be able to ping the servers and resolve both DNS/NetBIOS.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month15 days, 9 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question