
Prevent 3rd party VPN from changing DNS


I am connecting to a 3rd party VPN, also a Palo Alto. How can I prevent the 3rd party VPN from changing the DNS servers that I use?


4 REPLIES

Hi @fhewiufhwefhwe,

If you have admin access to the computer you are connecting, you can delete the DNS settings configured on the GlobalProtect interface once you connect.

After all, GlobalProtect is just creating another standard interface; the only difference between the GP interface and your physical interface is that GP will use a higher priority/metric to ensure any route pointing to the tunnel will take precedence. This priority will affect the DNS server order in which your PC will try to use.

The problem with this approach is that you need to do it every time you connect to the VPN. Probably you can script this and just run the script once you connect.

The better approach would be to discuss with the VPN administrator and ask them if they can create a separate client config for you that does not assign DNS settings.
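
The per-connection cleanup this reply suggests scripting could look like the following PowerShell. This is an added example, not code from the thread or from Palo Alto Networks; it assumes the tunnel adapter's description contains "PANGP" and that it is run from an elevated session after the VPN has connected.

```powershell
# Added example (not from the thread). Run elevated, after the VPN connects.
# Assumption: the GlobalProtect tunnel adapter's InterfaceDescription contains
# "PANGP". Confirm with Get-NetAdapter on your machine and adjust if needed.
$TunnelMatch = '*PANGP*'

$tunnel = Get-NetAdapter |
    Where-Object { $_.InterfaceDescription -like $TunnelMatch -and $_.Status -eq 'Up' }

if (-not $tunnel) {
    Write-Warning "No connected adapter matches $TunnelMatch; nothing changed."
    return
}

foreach ($adapter in $tunnel) {
    # Record what the VPN assigned before removing it
    $before = (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
                   -AddressFamily IPv4).ServerAddresses
    Write-Output "Tunnel '$($adapter.Name)' DNS before: $($before -join ', ')"

    # Remove the DNS servers configured on the tunnel interface only;
    # the physical interface's DNS settings are left untouched
    Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ResetServerAddresses
}

# Show every connected IPv4 interface with its metric and DNS servers,
# lowest metric (highest priority) first, to confirm the resulting order
Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
        [pscustomobject]@{
            Interface  = $_.InterfaceAlias
            Metric     = $_.InterfaceMetric
            DnsServers = $dns -join ', '
        }
    } | Format-Table -AutoSize

# Check that a lookup still resolves after the change
Resolve-DnsName -Name 'example.com' -Type A | Select-Object Name, IPAddress
```

The change lasts only for the current session, so the script has to be rerun on every connect. Whether the resulting DNS queries leave through the tunnel or the local network still depends on the routes the gateway pushes.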

Accepted solution:

I'm not so sure that will work as it will still try to send via tunnel...  you will need a custom gateway config with your required network services and also either split tunnel or access to local network depending on your DNS server location.

Hello,

I'm wondering if you manually set them and leave the IP, subnet mask, and gateway on DHCP if that will work? I would recommend using a secure DNS provider (either Palo Alto's) or one of the others, some are free. This way it's another layer you are protected at.

Regards,

I have IP address reservations for the machine, and am using a secure DNS.  It's the 3rd party VPN that is overriding the DNS.  The VPN simply exposes an application, change the machine DNS based on nslookup, and are not RDPing into another machine.
