- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Using DNS proxy to manage the firewall using a domain name on internal subnets
10/14/2021 
21 People found this article helpful
92,646 Views
Description
For compliance purposes we usually get a signed certificate from a CA and use the domain name on the certificate to be bound with the WAN address of the firewall. We can then successfully access the firewall using the domain name mentioned on that certificate when outside the network.
But, while managing the firewall from LAN, you cannot use the same domain name as it points to an external address. This method helps you in achieving the same for any internal subnets.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
If you have an internal DNS server, you can easily create an A record for the domain name and associate that to the firewall’s IP address and manage the firewall using the domain name internally.
But if you do not have an internal DNS server, the only option is to modify the host file entry on every machine so that the domain name resolves to the firewall’s IP address. But, if you have a mobile device that needs to leave the network, it will create issues when you would like to access the Public domain over the Internet.
We can use DNS proxy and solve this problem very easily.
Let us assume that the domain we are using for the firewall is sonicwall.firewall.com and would like to use this when accessing the firewall on X0 subnet.
- Enable DNS proxy globally and on the internal interface you would like to use this on.
- To enable it globally Navigate to Network |DNS| DNS Proxy.
- To enforce it on a specific interface, click on the configure button of the interface and check the ‘Enable DNS Proxy’ checkbox on the Advanced tab.
- Set the DHCP appropriately so that it uses the SonicWall as the primary DNS server. You can by navigating to Network | System | DHCP Server| DHCP server lease scopes. Select the appropriate Dynamic lease scope and make the changes on the DNS/WINS tab. You would need to do this change on your internal DHCP server if you are not using the SonicWall as the DHCP server for that specific interface.
- Add the following entry on the ‘Static DNS Proxy Cache Entries’ in the DNS proxy tab.
- You can now use the domain name sonicwall.firewall.com to login to the firewall when present on X0 subnet
NOTE: You can also ping and SSH into the firewall using the same domain name. This makes the management a little easier as domains are always easier to remember than IP addresses.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
If you have an internal DNS server, you can easily create an A record for the domain name and associate that to the firewall’s IP address and manage the firewall using the domain name internally.
But if you do not have an internal DNS server, the only option is to modify the host file entry on every machine so that the domain name resolves to the firewall’s IP address. But, if you have a mobile device that needs to leave the network, it will create issues when you would like to access the Public domain over the Internet.
We can use DNS proxy and solve this problem very easily.
Let us assume that the domain we are using for the firewall is sonicwall.firewall.com and would like to use this when accessing the firewall on X0 subnet.
Enable DNS proxy globally and on the internal interface you would like to use this on.
- To enable it globally Navigate to Manage | Network | DNS Proxy
- To enforce it on a specific interface, click on the configure button of the interface and check the ‘Enable DNS Proxy’ checkbox on the Advanced tab
2. Set the DHCP appropriately so that it uses the SonicWall as the primary DNS server. You can by navigating to Manage | Network | DHCP Server. Select the appropriate Dynamic lease scope and make the changes on the DNS/WINS tab. You would need to do this change on your internal DHCP server if you are not using the SonicWall as the DHCP server for that specific interface.
3. Add the following entry on the ‘Static DNS Proxy Cache Entries’ in the DNS proxy tab.
4. You can now use the domain name sonicwall.firewall.com to login to the firewall when present on X0 subnet
NOTE:You can also ping and SSH into the firewall using the same domain name. This makes the management a little easier as domains are always easier to remember than IP addresses.
Related Articles
- Parserror on Event logs.
- Switch from the Policy mode to classic mode on Gen 7 appliances
- Analyzing TCP reset(RST)packets
YES
NO