Expose the services via DNS to clients connected via VPN

cmdevops
cmdevops Posts: 8  Freshman Member
First Comment

We have a USG FLEX 100W model firewall and have recently set up VPN, now we would like to set the DNS service of the firewall to expose business services only to the internal LAN and clients connected via VPN.

The services are exposed from the corporate servers and we currently use an external dns service.

We have tried setting the DNS fuznionalities of the USG but it does not work.

Our esisgency is to make the service1.company.com service, exposed by the server at 192.168.0.xxx, available only to the LAN and clients connected via VPN and not expose it to the Internet as it currently is.

How can we do this?

Best regards

All Replies

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Is your setup IKEv2 with Remote Access (Server Role) and that the IP pool does not conflict with your LAN or clients LAN?

  • cmdevops
    cmdevops Posts: 8  Freshman Member
    First Comment

    We have two VPN connections enabled, one with IKEv2 for Windows clients and the other with IKEv1 (L2TP) for Linux clients.
    I confirm that the address pools do not overlap.

    Best regards

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited September 17

    From what I can tell on ZLD OS only 3rd party DNS must be used for VPN but what you can do is run a local DNS server and have the VPN point to that.

  • cmdevops
    cmdevops Posts: 8  Freshman Member
    First Comment

    So it is not possible to use the internal dns for clients connected via VPN?
    If I set the DNS options on the USG they will only be used by the clients on the LAN, after configuring the Zyxel as the primary DNS server on the clients.
    Is this correct?

Security Highlight