10/24/2022

Ipsecuritas split dns

Well, here we are a few weeks later, and I'm reporting in as promised. And the verdict is: do not buy Watchguard if you need Mac support. I really wanted to love it, because it's a lot of promised functionality for a great price, but I'm extremely disappointed in this purchase.

First of all, the SSL VPN does not work correctly on a Mac. It connects up just fine, but split DNS is broken. The moment you establish the tunnel, it overwrites your DNS settings with the nameserver for the secure network. It then will respond to DNS requests for internal hosts only - that is to say, it breaks name resolution for anything outside the VPN. Watchguard has confirmed that this is a bug, but they cannot commit to a time frame for a fix. How something this basic got by their QA department is totally beyond me. (By the way, it works just fine on Windows SSL VPN clients, so I know it's not a config error on the firewall.)

Second, the web management interface is extremely wonky. It's all Flash, which looks real purty, but kind of sucks when it comes to actually, you know, WORKING. Sometimes it displays the whole page, but doesn't propagate all of the settings. So, you have to be really careful to make sure everything is there before you click "save" to make sure you're actually doing what you think you are. Here's a particularly annoying bug I discovered yesterday. Any time you make a change to the SSL VPN settings, it clears all of the users from the group that allows SSL VPN access. So, every time I make a change, I have to go back into the SSL VPN group and re-add everyone that needs access.

Yes, I have been in contact with Watchguard about these problems. I'd advise any Mac user to steer clear of the Watchguard XTM-2 series.

You need to provide internal DNS servers for internal. A firewall is deployed in the remote office, and an IPSec tunnel is built to.
I have a MacOS X IPSec client that isn't receiving the split-dns setup from my ASA 5505. Here's the relevant data from my ASA device: group-policy vpnpolicy.

I can't speak to the WatchGuard SSLVPN solution, but I use Cisco AnyConnect SSLVPN, SonicWALL NetExtender SSLVPN (both with their SMB SSLVPN appliances and their firewalls), and SonicWALL's Aventail Connect with their enterprise SSLVPN appliances all on a weekly basis with my 2009 17" MacBook Pro running Snow Leopard. They're all effective with few to no issues. The biggest issue I have is that the NetExtender client doesn't always correctly set the appropriate DNS server or search domain, so name resolution doesn't always work as expected. I'm still trying to pin this down as it's a pain for my clients. VPNs delivered over TCP 443 are really quite convenient as some places (companies, hotels, etc.) limit outbound ports, including UDP/TCP 5 preventing IPSEC negotiation. I do find myself disappointed that a standard hasn't developed for delivering an SSL/TLS VPN that would permit use of a single, possibly OS-integrated, client. That being said, I'm happy to report I have no coexistence issues.