By Manny Fernandez
September 10, 2019
Adding DNS Suffix to your SSL VPN
Many times you set up an SSL VPN connection to the office and try to connect to mail. However, even though you are connected to the VPN and using the internal DNS servers, it will NOT resolve the host name because it is not an FQDN. To fix this, you will need to add one line to the configuration using the CLI.
In my example, if you ping mail, it will not resolve.
mannyfernandez:~$ping mail
ping: cannot resolve mail: Unknown host
mannyfernandez:~$
You can use either the CLI from the GUI, or SSH to the firewall with your favorite SSH client or from the terminal if you are running macOS or Linux. As you know, I use SecureCRT.
config vpn ssl settings
    set dns-suffix <domain_str>
end

(e.g. myinfoseclab.local for <domain_str>)
This command will add the domain suffix(es) to the end of the name if it is not a FQDN.
mannyfernandez:~$ping mail
PING mail.myinfoseclab.local (10.1.106.34): 56 data bytes
64 bytes from 10.1.106.34: icmp_seq=0 ttl=63 time=3.282 ms
64 bytes from 10.1.106.34: icmp_seq=1 ttl=63 time=2.867 ms
64 bytes from 10.1.106.34: icmp_seq=2 ttl=63 time=2.338 ms
64 bytes from 10.1.106.34: icmp_seq=3 ttl=63 time=9.064 ms
^C
--- mail.myinfoseclab.local ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.338/4.388/9.064/2.720 ms
You can see in the bottom output that mail.myinfoseclab.local was used because the domain suffix of myinfoseclab.local was added to the end of mail.
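The suffix expansion described above, modelled as an added example (not code from the original post or from Fortinet). It assumes resolv.conf-style search-list rules with ndots=1 on the VPN client; the function names and the one-record zone table are constructed for illustration. It goes beyond the single-suffix case to cover multiple suffixes and absolute names.

```python
# Added illustration: models how a client stub resolver applies a DNS search
# suffix. Assumption: resolv.conf-style semantics (search list + ndots); the
# firewall only pushes the suffix, the client resolver does the appending.

# Constructed sample zone data, using the name and address from the ping output.
ZONE = {"mail.myinfoseclab.local": "10.1.106.34"}


def candidates(name, search, ndots=1):
    """Return the names a stub resolver would query, in order."""
    if name.endswith("."):
        # A trailing dot marks an absolute name: it is never expanded.
        return [name.rstrip(".")]
    suffixed = [f"{name}.{s.strip('.')}" for s in search]
    # Names with at least `ndots` dots are tried as-is first, then with each
    # suffix; shorter names get the suffixes first and the bare name last.
    if name.count(".") >= ndots:
        return [name] + suffixed
    return suffixed + [name]


def resolve(name, search, zone=ZONE, ndots=1):
    """Return (fqdn, address) for the first candidate found in `zone`, else None."""
    for fqdn in candidates(name, search, ndots):
        key = fqdn.lower()  # DNS names are case-insensitive
        if key in zone:
            return key, zone[key]
    return None


if __name__ == "__main__":
    # Before the change: no suffix pushed to the client, "mail" cannot resolve.
    print(resolve("mail", []))
    # After the change: the pushed suffix is appended and the lookup succeeds.
    print(resolve("mail", ["myinfoseclab.local"]))
    # Multiple suffixes are tried in the order they are configured.
    print(candidates("mail", ["myinfoseclab.local", "corp.example"]))
```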
Hope this helps