Contents

Contents ● Fireware Help

Configure DNS and WINS Servers for Mobile VPN with IKEv2

In Fireware v12.2.1 or higher, for DNS and WINS resolution on Mobile VPN with IKEv2 clients, you can select to:

  • Assign or not assign the Network (global) DNS/WINS settings to mobile clients
  • Assign DNS and WINS settings specified in the Mobile VPN with IPSec configuration to mobile clients

For more information about how DNS is used for lookups over a mobile VPN connection, see DNS and Mobile VPNs.

DNS forwarding is not supported for mobile VPN clients.

In Fireware v12.2 or lower, you cannot configure DNS and WINS settings in the Mobile VPN with IKEv2 configuration. Clients automatically receive the DNS and WINS servers specified in the Network (global) DNS/WINS settings on the Firebox. The domain name suffix is not inherited. Although you can specify up to three Network DNS servers, mobile VPN clients use only the first two in the list. For information about the Network DNS/WINS settings, see Configure Network DNS and WINS Servers.

To use the Network DNS/WINS settings, from Fireware Web UI v12.2.1 or higher:Closed
  1. Select Network > Interfaces.
    The Interfaces configuration page appears.

Screen shot of the Network Interfaces page, DNS Servers and WINS Servers section

  1. In the DNS Server or WINS Server text box, type the primary and secondary address for each DNS or WINS server.
  2. Click Add.
  3. (Optional) Repeat Steps 2–3 to specify up to three DNS servers.
  4. Click Save.
  5. (Fireware v12.3 or higher) Select VPN > Mobile VPN IKEv2.
  6. In the IKEv2 section, click Configure.
    The Mobile VPN with IKEv2 configuration appears.
  7. (Fireware v12.2.1) Select VPN > Mobile VPN with IKEv2 > Configure.
    The Mobile VPN with IKEv2 configuration appears.

Screen shot of the Networking tab

  1. In the DNS Settings section, select one of these options:

Assign the network DNS/WINS settings to mobile clients

If you select this option, mobile clients receive the first two DNS servers and the first two WINS servers you specify at Network > Interfaces > DNS/WINS. For example, if you specify the DNS server 10.0.2.53in the Network DNS/WINS settings, mobile VPN clients use 10.0.2.53as a DNS server. Although you can specify up to three Network DNS servers, mobile VPN clients use only the first two in the list.

By default, the Assign the Network DNS/WINS Server settings to mobile clients setting is selected for new mobile VPN configurations.

Do not assign DNS or WINS settings to mobile clients

If you select this option, clients do not receive DNS or WINS settings from the Firebox.

Assign these settings to mobile clients

If you select this option, mobile clients receive DNS server and WINS server settings you specify in this section. For example, if you specify 10.0.2.53 as the DNS server, mobile clients use 10.0.2.53 as the DNS server.

You can specify up to two DNS server IP addresses and up to two WINS server IP addresses.

  1. Click Save.
To use the Network DNS/WINS settings, from Policy Manager v12.2.1 or higher:Closed
  1. Select Network > Configuration.
    The Network Configuration dialog box appears.
  2. Select the WINS/DNS tab.
    The information on the WINS/DNS tab appears.

Screen shot of the Network Configuration dialog box WINS/DNS tab

  1. In the DNS Servers text box, type the IPv4 or IPv6 address for each DNS server.
  2. Click Add.
  3. (Optional) Repeat Steps 3–4 to specify up to three DNS servers.
  4. (Optional) In the Domain Name text box, type a domain name that a DHCP client appends to unqualified host names.
  5. In the WINS Servers text boxes, type the primary and secondary IPv4 address of the WINS servers.
  6. Click OK.
  7. (Fireware v12.3 or higher) Select VPN > Mobile VPN > Get Started.
  8. In the IKEv2 section, click Configure.
    The Mobile VPN with IKEv2 configuration appears.
  9. (Fireware v12.2.1) Select VPN > Mobile VPN > IKEv2 > Configure.

Screen shot of the Networking tab

  1. In the DNS Settings section, select one of these options:

Assign the network DNS/WINS settings to mobile clients

If you select this option, mobile clients receive the first two DNS servers and the first two WINS servers you specify at Network > Interfaces > DNS/WINS. For example, if you specify the DNS server 10.0.2.53in the Network DNS/WINS settings, mobile VPN clients use 10.0.2.53as a DNS server. Although you can specify up to three Network DNS servers, mobile VPN clients use only the first two in the list.

By default, the Assign the Network DNS/WINS Server settings to mobile clients setting is selected for new mobile VPN configurations.

Do not assign DNS or WINS settings to mobile clients

If you select this option, clients do not receive DNS or WINS settings from the Firebox.

Assign these settings to mobile clients

If you select this option, mobile clients receive DNS server and WINS server settings you specify in this section. For example, if you specify 10.0.2.53 as the DNS server, mobile clients use 10.0.2.53 as the DNS server.

You can specify up to two DNS server IP addresses and up to two WINS server IP addresses.

  1. Click OK.

For IKEv2 Mobile VPN clients, the Domain Name specified in the network DNS settings on the Firebox is not used as a domain name suffix. You can manually assign the DNS servers your PC uses for an IKEv2 VPN client connection, and specify the DNS suffix the client computer uses to resolve host names when it is connected to the VPN. For more information, see the Knowledge Base article, Configure DNS settings for L2TP or IKEv2 VPN clients.

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search

© 2020 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries. All other tradenames are the property of their respective owners.