noc_aba Posts: 20  Freshman Member
First Anniversary 10 Comments
edited April 2021 in Security

When a Windows client establishes a VPN SSL connection to ATP500/800, via Secuextender, usually it takes the DNS server IP configured on the ATP. But not always. When it does not, and it keeps the DNS server IP received from the home route, the client is unable to access remote LAN resources by name. I couldn't find a pattern, it seems it happens randomly.

In these days of COVID19 a lot of persons work from home, so we had the chance to observe many cases as above.

Did anybody else see this problem ? Any suggestion how to fix it ?

many thanks


All Replies

  • Ian31
    Ian31 Posts: 166  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    On windows 10, if you are using split tunnel instead of forwarding all traffic into the tunnel.

    The DNS query priority is based on the metric of interface.

    Here the MS-DOS mode command to show the metric value of all interfaces.

    c:/> netsh interface ipv4 show interfaces

    In my example,

    The VPN interface is "Ethernet 2" with metric 55, and the local wireless interface is "Wi-Fi" with metric 40. Local wire interface is "Ethernet" with metric 5.

    So that I need to change the VPN interface metric small than "5" to get higher priority.


  • noc_aba
    noc_aba Posts: 20  Freshman Member
    First Anniversary 10 Comments

    many thanks, I will check it out


Security Highlight