Global Protect VPN client holding internal DNS address on Wireless network adaptor

L1 Bithead

Global Protect VPN client holding internal DNS address on Wireless network adaptor

Hi,

 

I am new to PA and having just started in a new role we have an on-going issue with remote workers connecting via VPN.

 

Sometimes when they have finished their VPN session the laptop's wireless adaptor will still have an internal dns IP address in its dns server settings. This means the user cant connect to the internet until they go to the properties of the adaptor and remove thre dns ip address.

 

THis is annoying to the user and they have to have admin rights so they can clear the dns ip.

 

Anyone come accross this bug ?

We are currently using GP client 4.0.0.90

 

 

L6 Presenter

Re: Global Protect VPN client holding internal DNS address on Wireless network adaptor

the DNS setting within the wifi adapter does not need to change...  unless you require it to do so...

 

have you configured it to do something different in the App section of the portal.

 

look under "Update DNS settings at connect".

 

I have this set to "No" 

L1 Bithead

Re: Global Protect VPN client holding internal DNS address on Wireless network adaptor

I can see under VPNClientProfile under the App tab the option: "Update DNS Settings at Connect (Windows only) (Deprecated)"

Is set to YES.

 

Is this what you refer to ?

 

Whats the impact of chaging this as once clients connect they would use internal DNS servers to resolve server names for share access ?

 

L6 Presenter

Re: Global Protect VPN client holding internal DNS address on Wireless network adaptor

yes thats the one...

 

the client traffic will be tunneled down the VPN so it will use the DNS servers allocated to the PAN adapter.

L1 Bithead

Re: Global Protect VPN client holding internal DNS address on Wireless network adaptor

Ok thanks, that how I thought it should work when connected to the VPN you have virtual NIC that is removed when disconnected.

 

I will try it tomorrow.

L6 Presenter

Re: Global Protect VPN client holding internal DNS address on Wireless network adaptor

yes thats how it works but it caught me out a while ago.  I used it for the flush dns part but also found that the DNS settings were not put back.

 

even if you rejoin the wifi the users profile still kept the old DNS info.

 

so... set it to "no" and never had an issue since, we do run a few commands on post-vpn-connect and ipconfig/flushdns is one of them.

although i think flushdns is now part of the GP connect/disconnect process....   anyhows... just left it in as does no harm.

 

good luck.

L1 Bithead

Re: Global Protect VPN client holding internal DNS address on Wireless network adaptor

THanks that was the setting. Changed it to no and now works as expected.

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!