Solved

Sonicwall SSL-VPN DNS bookmarks do not seem to work

Posted on 2014-03-12
8
1,260 Views
Last Modified: 2014-05-06
Hello all,

I am running a Sonicwall SSL-VPN2000 appliance.  I have a number of bookmarks that do RDP (Both Java and Active X)

When I put the IP address of the device in the bookmark, I can connect to the end device just fine.  When I put in the DNS name into the bookmark, I can not connect.

I have looked at the DNS settings in the Sonicwall and they are correct.  When I goto the diagnostics page of the sonicwall, I can do DNS resolution, ping by DNS name, traceroute to both the name and the IP address.

Seems strange but this is what I am seeing.  Any ideas?

TIA

Tom
0
Comment
Question by:thafemann
  • 4
  • 4
8 Comments
 
LVL 8

Expert Comment

by:N-W
ID: 39925466
It's the VPN client that needs to be able to resolve the DNS, not the appliance itself.

When you connect to the VPN from a client computer, are you able to resolve DNS for the RDP server? If not, you may need to change the DNS servers given to your VPN clients.
0
 

Author Comment

by:thafemann
ID: 39925481
We are not using the VPN client.  We are using the Bookmark feature, which is a web vpn portal.  
As I shared, IP addresses work, DNS addresses do not work.  :(
0
 
LVL 8

Expert Comment

by:N-W
ID: 39925490
The web VPN portal uses the NetExtender SSL VPN client. The bookmark feature still requires the client machine to have correct DNS servers set to resolve your DNS addresses.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:thafemann
ID: 39925508
Ok, but isn't the appliance DNSpassed thru to the clients?  The device itself can do appropriate DNS resolution and even trace route by name. Is there another place to set DNS?
0
 
LVL 8

Expert Comment

by:N-W
ID: 39925557
Open your NetExtender client when connected to the VPN and click on the "DNS" tab. Are the correct DNS servers set?

Can you resolve the full FQDN? (i.e. "myserver.mydomain.local" instead of just "myserver")
0
 

Author Comment

by:thafemann
ID: 39926090
Thanks for replying.  I do not have the NetExtender client on my machine.  When I login to the web portal, we do not have the client install to the workstation.  We only use the web interface, no client.

Again, this all works fine when we use the IP address of the workstations we wish to RDP or SSL into.  As soon as we use a DNS name, we can not connect.

I have looked on the SSL-VPN appliance itself.  All the places that I see the DNS settings are set correctly.  

One thing I did find interesting is if I add an entry to the host resolution table on the SSL VPN appliance, and then it works!
0
 

Author Comment

by:thafemann
ID: 39926106
When I am connected to the web portal, and I am able to connect to a server via RDP, I opened a command line to see what I could ping.

I could not ping the IP address of the server that I was RDP'd into (ping is enabled and no firewal), I could not resolve by netbios name or dns name (fqdn).  

It seem that the web portal does some sort of reverse proxy to present these services to the end user without the user actually being connected to the remote network.

When I look at the management interface while I am connected, I see active users, but I see no NetExtender sessions.  I don't even have these sections turned on.
0
 
LVL 8

Accepted Solution

by:
N-W earned 500 total points
ID: 39933137
Yes, that's right. The VPN appliance does application offloading for services that are bookmarked so you don't actually have VPN access to the internal network itself.

If you would like VPN access to the network, you need to enable NetExtender and use your bookmarks through it. This way you'll be able to ping the servers and resolve both DNS/NetBIOS.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SonicWALL SIP Transformation Problem 4 91
Sonicwall SSO 11 64
Palo Alto Firewall Startup Page 3 44
need rec's for prioritizing bandwidth for new voip system 12 89
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question