Feature Request - Conditional DNS Forwarding on Mobile VPN

On Firebox it is possible to set Conditional DNS Forwarding, which is very useful when there is an MS AD. Conditional DNS Forwarding can be used by devices connected to physical interfaces or VLAN interfaces.
For devices connected via Mobile VPN, it is not possible to use this functionality unless you set the MS AD directly as DNS.

Would it be possible to request this as new functionality on Firebox?




  • james.carson Moderator, WatchGuard Representative

    Hi @Massimo_R
    It's not possible to modify the DNS settings on the local PC, but we can add DNS servers. SSLVPN will block DNS requests to servers you don't allow if a full tunnel is formed.

    If you're trying to control DNS with the VPN, I'd suggest setting your DNS servers in the SSLVPN advanced setting, choosing a full/forced tunnel, and ensuring that there's a rule denying DNS from SSLVPN_Users to the DNS servers you don't want to be used (or all of them).

    -James Carson
    WatchGuard Customer Support

  • james.carson Moderator, WatchGuard Representative

    If you're looking for a mobile DNS solution, DNSWatchGo may be more what you're looking for. You can find more info about that here:


    -James Carson
    WatchGuard Customer Support

  • Note that if you have DNS Watch enforcement enabled, DNS policies in your config are not processed.
    I have been told that there are plans to change this in some future major release.
