- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How to disable DDNS registration of Tunnel clients
03/26/2020 
2 People found this article helpful
43,493 Views
Description
How to disable DDNS registration of Tunnel clients
Resolution
Feature/Application:
In order to disable DDNS registration of Tunnel clients, you must be running 10.0.2 or later with clt-hotfix-10_0_2-002 and pform-hotfix-10_0_2-004 or newer.
Procedure:
Enabling filtering of DDNS requests for Tunnel Agents
Step 1: Install clt-hotfix-10_0_2-002 and pform-hotfix-10_0_2-004 or newer.
Step 2: Create the file /root/extensions.conf, put the following contents in it:
# Disable DDNS in Tunnel Agents (ODT/CT) -- 10/7/2009
EVPN_Disable_DDNS=1
Step 3: Restart EVPN (this will force users to go through a tunnel resumption) with the following command:
/etc/init.d/evpn restart
Verifying DDNS filtering is enabled at the client
Step 1: Ensure your tunnel client is upgraded to the newest version from the client hotfix (version number should be 10.0.2-046 or later).
Step 2: Start up a debug ngutil command prompt window on the client PC:
ngutil -reset -poll -severity=debug > ngutil.txt
Step 3: Launch tunnel, and connect to the appliance.
Step 4: Go back to the ngutil window and press ctrl+c.
Step 5: Open the ngutil.txt in notepad, and search for the string 'ddns'. You should see a log entry like this if filtering DDNS is enabled:
15:35:24.354 I ClientConfig: DisableDDNS 1 And one that looks like this if filtering DDNS is disabled:
15:35:24.354 I ClientConfig: DisableDDNS 0
Disabling filtering of DDNS requests for Tunnel Agents
Step 1: Comment out the line 'EVPN_Disable_DDNS=1' in /root/extensions.conf so it looks like this:
# Disable DDNS in Tunnel Agents (ODT/CT) -- 10/7/2009
#EVPN_Disable_DDNS=1
Step 2: Restart EVPN (this will force users to go through a tunnel resumption):
/etc/init.d/evpn restart
Behaviour with future versions and migration
- All future versions > 10.0.2 will have the ability to automatically migrate this config file and associated settings forward. You should only have to modify /root/extensions.conf once, in which case it will be enabled on future upgrades (10.0.3, 10.5.0, etc.).
- Upcoming releases (10.5.0) will also include the ability to modify the extensions.conf file via AMC.
Tracking ID: 83678
Related Articles
- How to secure Virtual Office portal from all external access
- NetExtender users fail to get connected throwing an Error Failed to get vpn protocol on firmware 10.2.1.2 or above due to misconfigured protocol
- Is SRA/SMA appliance vulnerable to CVE-2016-2183 and CVE-2016-5915?
YES
NO