WatchGuard Support Center

Knowledge Base - Article

 Configure DNS server and suffix settings in IKEv2 and L2TP VPN clients

How do I manually configure the DNS server and suffix settings for IKEv2 and L2TP connections in Windows?

    DNS Servers

    In Fireware v12.2.1 or higher, you can select to:

    • Assign the Network (global) DNS servers to mobile clients
    • Assign DNS servers specified in the mobile VPN configuration to mobile clients
    • Assign no DNS servers to mobile clients

    If you configure the Firebox not to assign DNS servers to mobile clients, you must manually configure DNS servers in the mobile client settings.

    Domain Name Suffix

    You cannot specify a domain name suffix in the Mobile VPN with IKEv2 or Mobile VPN with L2TP settings on the Firebox. IKEv2 and L2TP VPN clients do not use the domain name configured in the Firebox network DNS settings as a suffix.

    If the mobile client must resolve local host names through the VPN, you must manually configure a suffix in the mobile client settings.

    When you configure a DNS suffix, the mobile client adds the suffix to all DNS requests. If there is no response to the first DNS request, the client sends another DNS request without the suffix. For instance, if a client tries to browse to hostname, and the DNS suffix is, the mobile client first tries to resolve

    Manually Configure DNS Server and Suffix Settings for Windows VPN Connections

    To configure DNS server addresses and a DNS suffix for a Windows IKEv2 or L2TP connection:

    1. From the Windows system tray, in the Search Bar, type Control Panel.
      The Control Panel appears.
    2. From the View by drop-down list, select Category.
    3. Click Network and Internet.
    4. Click Network and Sharing Center.
      The Network and Sharing Center appears.
    5. On the left pane, click Change adapter settings.
      The Network Connections window appears.
    6. Right-click the VPN connection for which you want to configure DNS settings.
    7. In the right-click menu, select Properties.
      The VPN Properties window appears.
    8. Select the Networking tab.
    9. Select Internet Protocol Version 4 (TCP/IPv4).
    10. Click Properties.
    11. If you want this connection to use the DNS server addresses provided by the Firebox, skip to Step 15. Otherwise, continue to Step 12.
    12. Select the Use the following DNS server addresses radio button.
    13. In the Preferred DNS server and Alternate DNS server text boxes, type the IP addresses of the DNS servers you want to use for this connection.
    14. If you want to define a DNS suffix for this connection, continue to Step 15. Otherwise, click OK twice.
    15. Click Advanced.
      The Advanced TCP/IP Settings dialog appears.
    16. Select the DNS tab.
    17. In the DNS suffix for this connection text box, type the DNS suffix you want to use for this connection. 
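The suffix setting from the procedure above can also be applied and checked from PowerShell with the built-in VpnClient and DnsClient cmdlets. This is an added example, not WatchGuard's own script. The connection name, suffix, DNS server addresses and test host name are placeholder assumptions, and it assumes `-DnsSuffix` maps to the same per-connection suffix field as the dialog.

```powershell
# Placeholder values (assumptions): replace with your own.
$VpnName        = 'Firebox-IKEv2'              # hypothetical Windows VPN connection name
$ExpectedSuffix = 'corp.example.com'           # hypothetical DNS suffix
$ExpectedDns    = @('10.0.1.10', '10.0.1.11')  # hypothetical internal DNS servers
$TestHost       = 'fileserver'                 # hypothetical unqualified host name

# Read the connection from the current user's phonebook
# (add -AllUserConnection if it was created for all users).
$vpn = Get-VpnConnection -Name $VpnName -ErrorAction Stop

# Set the per-connection DNS suffix only when it differs from the expected value.
if ($vpn.DnsSuffix -ne $ExpectedSuffix) {
    Set-VpnConnection -Name $VpnName -DnsSuffix $ExpectedSuffix
    Write-Output "DNS suffix set to '$ExpectedSuffix'. Reconnect the VPN to apply it."
}

if ($vpn.ConnectionStatus -ne 'Connected') {
    # The VPN interface only exists while the tunnel is up.
    Write-Warning "'$VpnName' is not connected; connect it and run the checks again."
} else {
    # DNS servers in effect on the VPN interface (assigned by the Firebox or typed in manually).
    $actualDns  = @((Get-DnsClientServerAddress -InterfaceAlias $VpnName -AddressFamily IPv4).ServerAddresses)
    $unexpected = @($actualDns | Where-Object { $_ -notin $ExpectedDns })
    if ($actualDns.Count -eq 0) {
        Write-Warning "No DNS servers are set on the '$VpnName' interface."
    } elseif ($unexpected.Count -gt 0) {
        Write-Warning "Unexpected DNS servers on '$VpnName': $($unexpected -join ', ')"
    } else {
        Write-Output "DNS servers on '$VpnName': $($actualDns -join ', ')"
    }

    # Suffix the DNS client is applying to this interface right now.
    $dnsClient = Get-DnsClient -InterfaceAlias $VpnName | Select-Object -First 1
    Write-Output "Active connection-specific suffix: '$($dnsClient.ConnectionSpecificSuffix)'"

    # Resolve an unqualified name; the Name column shows whether the suffix was appended.
    $answer = Resolve-DnsName -Name $TestHost -Type A -DnsOnly -ErrorAction SilentlyContinue
    if ($answer) {
        $answer | Select-Object Name, IPAddress
    } else {
        Write-Warning "'$TestHost' did not resolve; check the suffix and DNS servers above."
    }
}
```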

    See Also

    Configure DNS and WINS Servers for Mobile VPN with L2TP in Fireware Help
    Configure DNS and WINS Servers for Mobile VPN with IKEv2 in Fireware Help