- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
How to disable DDNS registration of Tunnel clients
03/26/2020 
2 People found this article helpful
195,127 Views
Description
How to disable DDNS registration of Tunnel clients
Resolution
Feature/Application:
In order to disable DDNS registration of Tunnel clients, you must be running 10.0.2 or later with clt-hotfix-10_0_2-002 and pform-hotfix-10_0_2-004 or newer.
Procedure:
Enabling filtering of DDNS requests for Tunnel Agents
Step 1: Install clt-hotfix-10_0_2-002 and pform-hotfix-10_0_2-004 or newer.
Step 2: Create the file /root/extensions.conf, put the following contents in it:
# Disable DDNS in Tunnel Agents (ODT/CT) -- 10/7/2009
EVPN_Disable_DDNS=1
Step 3: Restart EVPN (this will force users to go through a tunnel resumption) with the following command:
/etc/init.d/evpn restart
Verifying DDNS filtering is enabled at the client
Step 1: Ensure your tunnel client is upgraded to the newest version from the client hotfix (version number should be 10.0.2-046 or later).
Step 2: Start up a debug ngutil command prompt window on the client PC:
ngutil -reset -poll -severity=debug > ngutil.txt
Step 3: Launch tunnel, and connect to the appliance.
Step 4: Go back to the ngutil window and press ctrl+c.
Step 5: Open the ngutil.txt in notepad, and search for the string 'ddns'. You should see a log entry like this if filtering DDNS is enabled:
15:35:24.354 I ClientConfig: DisableDDNS 1 And one that looks like this if filtering DDNS is disabled:
15:35:24.354 I ClientConfig: DisableDDNS 0
Disabling filtering of DDNS requests for Tunnel Agents
Step 1: Comment out the line 'EVPN_Disable_DDNS=1' in /root/extensions.conf so it looks like this:
# Disable DDNS in Tunnel Agents (ODT/CT) -- 10/7/2009
#EVPN_Disable_DDNS=1
Step 2: Restart EVPN (this will force users to go through a tunnel resumption):
/etc/init.d/evpn restart
Behaviour with future versions and migration
- All future versions > 10.0.2 will have the ability to automatically migrate this config file and associated settings forward. You should only have to modify /root/extensions.conf once, in which case it will be enabled on future upgrades (10.0.3, 10.5.0, etc.).
- Upcoming releases (10.5.0) will also include the ability to modify the extensions.conf file via AMC.
Tracking ID: 83678
Related Articles
- How to secure Virtual Office portal from all external access
- Lost Admin Password Recovery for SMA500v
- Same syslog source for all SMA devices
YES
NO