Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Pulse Connect Secure DNS resolution on External interfacee

SOLVED
Go to solution
ae
New Contributor
‎02-23-2018 01:46:AM
‎02-23-2018 01:46:AM

Pulse Connect Secure DNS resolution on External interfacee

Hi.

 

Trying to configure Pulse Connect Secure appliance to provide remote access for a small environment w/o any internal DNS servers, so it's being configured with some external DNS servers (Google ones) to be accessed via an External interface:

However, while the servers are reachable via ping from the same appliance on the External port:

The same appliance it still unable to resolve anything:

Are there some sort of limitations on DNS quesries form External interface? If not, can this be explaned by some other reason?

 

Thanks.

 

0 Kudos
2 ACCEPTED SOLUTIONS

Accepted Solutions
grafal
Community Manager
Community Manager
‎02-23-2018 07:21:AM
‎02-23-2018 07:21:AM

Re: Pulse Connect Secure DNS resolution on External interfacee

Hello unfortunately what you are trying to do is not possible.

Everything is by design tied to the Internal Port- if there is no route from the Internal Port to the external DNS servers, then the DNS resolution will not work.

The device will not switch to resolving via the external port, there is also no option to decouple the traffic and make it go throu the external port.

 

Hope that clears it up

View solution in original post

zanyterp
Moderator
Moderator
‎02-23-2018 10:18:AM
‎02-23-2018 10:18:AM

Re: Pulse Connect Secure DNS resolution on External interfacee

As grafal mentioned, using DNS it is not possible
As long as the Duo server you are assigned to has a static IP, though, you can use the hosts file to reach it for validation (as long as internet traffic is allowed on the small network)

View solution in original post

0 Kudos
5 REPLIES 5
grafal
Community Manager
Community Manager
‎02-23-2018 04:56:AM
‎02-23-2018 04:56:AM

Re: Pulse Connect Secure DNS resolution on External interfacee

Hello Ae,

 

You have the ports mixed up.

The External Port is not used for resource access thus it also does not handle DNS resolution.

The sole purpose of the external port is to serve as a connection interface for users  connecting externally to the device.

 

Resource access and DNS resolution is handeled by the Internal Port, therefore the DNS servers specified should be reachable via the Internal Port.

 

Hope that helps.

0 Kudos
ae
New Contributor
‎02-23-2018 05:38:AM
‎02-23-2018 05:38:AM

Re: Pulse Connect Secure DNS resolution on External interfacee

Hello.

 

That's the point - we want to use Pulse Connect Secure appliance to remotely access some small isolated remote management network. So Internal interface is connected to this network (that has no DNS servers) and External interface is connected to an uplink to the world and is used by clients to establish a connection to. 

 

We would be fine w/o DNS as such, but we're trying to set up Duo 2-factor auth, so we need to connect to external LDAP server via it's hostname. So the idea was to use some sort of external public DNS for this purpose. Is it not possible?

 

Thanks.

Tags (1)
0 Kudos
grafal
Community Manager
Community Manager
‎02-23-2018 07:21:AM
‎02-23-2018 07:21:AM

Re: Pulse Connect Secure DNS resolution on External interfacee

Hello unfortunately what you are trying to do is not possible.

Everything is by design tied to the Internal Port- if there is no route from the Internal Port to the external DNS servers, then the DNS resolution will not work.

The device will not switch to resolving via the external port, there is also no option to decouple the traffic and make it go throu the external port.

 

Hope that clears it up

ae
New Contributor
‎02-23-2018 07:51:AM
‎02-23-2018 07:51:AM

Re: Pulse Connect Secure DNS resolution on External interfacee

Many thanks, I'd imagine we should think of some other way to achieve this then.

0 Kudos
zanyterp
Moderator
Moderator
‎02-23-2018 10:18:AM
‎02-23-2018 10:18:AM

Re: Pulse Connect Secure DNS resolution on External interfacee

As grafal mentioned, using DNS it is not possible
As long as the Duo server you are assigned to has a static IP, though, you can use the hosts file to reach it for validation (as long as internet traffic is allowed on the small network)
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.