Technical Tip: Configuring DNS servers per SSL VPN Portal
Description
This article describes how to configure DNS servers differently for different user groups (or tunnels), configure it uniquely for each SSL VPN portal and then assign user groups a unique portal.
Solution
Configuring the DNS servers for individual VPN portal can be done only via the CLI
Firmware version from V5.2 onwards.
If all SSL VPN portals have DNS settings configured, remove the DNS settings at the system level.
This article describes how to configure DNS servers differently for different user groups (or tunnels), configure it uniquely for each SSL VPN portal and then assign user groups a unique portal.
Solution
Configuring the DNS servers for individual VPN portal can be done only via the CLI
Firmware version from V5.2 onwards.
# config vpn ssl web portalIf IPv6 is used with the SSL VPN connection, set the IPv6 DNS address as well on the firewall web portal.
edit <portal>
set dns-server1 <ip4_addr>
set dns-server2 <ip4_addr>
end
# config vpn ssl web portalSpecifying the DNS server settings at the portal level is overriding those at the global level.
edit <portal>
set dns-server1 <ip6_addr>
set dns-server2 <ip6_addr>
end
If all SSL VPN portals have DNS settings configured, remove the DNS settings at the system level.
# config vpn ssl settingsDo it for the IPv6 as well,
unset dns-server1
unset dns-server2
end
# config vpn ssl settings
unset ipv6-dns-server1
unset ipv6-dns-server2
end