DNS and Mobile VPNs

All network resources in an IPv4 network have an IP address, such as 10.0.2.25. DNS (Domain Name System) allows users to get access to resources by name. When a user attempts to get access to a device by a name, such as www.example.net, the client computer sends a request to its configured DNS server, which returns the IP address associated with that device name. A device name that is linked to one or more IP addresses is known as a hostname.

A hostname that includes the full domain path, such as mail.example.net, is called an FQDN (Fully Qualified Domain Name). Some hostnames, such as mail, do not include the domain path.

How DNS Works Across a VPN

When a Mobile VPN client establishes a VPN tunnel to a Firebox or XTM device, the device assigns a virtual IP address to the client computer. If a DNS server is configured in the network settings or Mobile VPN settings, the Firebox or XTM device also assigns the DNS server address to the VPN client. For Mobile VPN with SSL connections, the XTM device can also assign the VPN client a DNS domain name suffix configured in the Mobile VPN with SSL advanced settings.

If the DNS settings on the Firebox or XTM device specify a domain name, such as example.net, the domain name is added as a suffix to all DNS requests from VPN clients. If there is no response to the DNS request with the added suffix, the device sends a second DNS request without the suffix. For example, if a client tries to browse to hostname, and the DNS suffix is example.net, the device first tries to resolve hostname.example.net. If that request gets no response, the device then tries to resolve hostname.

If a domain name is not specified in the DNS settings on the Firebox or XTM device, VPN clients must use an FQDN, such as mail.example.net, to send traffic to a resource.
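The request order described in the two paragraphs above, shown as an added example. This is a simplified model and not WatchGuard code; the function names and the record table are constructed for illustration. It returns the ordered list of names that reach the DNS server, which is what you would expect to see in that server's query log.

```python
# Constructed sample records standing in for the DNS server assigned to VPN clients.
RECORDS = {
    "mail.example.net": "10.0.2.25",
    "www.example.org": "203.0.113.10",
}


def lookup(name, records):
    """Stand-in for a single DNS request: returns an address, or None for no response."""
    return records.get(name.rstrip(".").lower())


def resolve(name, suffix=None, records=RECORDS):
    """Model the suffix-then-fallback order.

    Returns (address, queries), where queries lists every name sent, in order.
    suffix=None models a device with no domain name in its DNS settings.
    """
    queries = []
    name = name.rstrip(".").lower()
    if suffix:
        # First request: the configured domain name is appended as a suffix.
        suffixed = f"{name}.{suffix.strip('.').lower()}"
        queries.append(suffixed)
        address = lookup(suffixed, records)
        if address is not None:
            return address, queries
    # Second request (or the only one when no suffix is configured): name as typed.
    queries.append(name)
    return lookup(name, records), queries


if __name__ == "__main__":
    cases = [
        ("mail", "example.net"),              # short name, suffix configured
        ("mail.example.net", "example.net"),  # FQDN, suffix still tried first
        ("www.example.org", "example.net"),   # external name, suffixed request first
        ("mail", None),                       # short name, no suffix: fails
        ("mail.example.net", None),           # FQDN, no suffix: resolves
    ]
    for name, suffix in cases:
        address, queries = resolve(name, suffix)
        print(f"{name!r} suffix={suffix!r}: {' -> '.join(queries)} => {address}")
```

Because the model follows the text and appends the suffix to every request, an FQDN such as mail.example.net is first sent as mail.example.net.example.net, so both names appear in the query list.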

See Also

About DNS (Domain Name System)

Name Resolution for Mobile VPN with SSL
