Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
0
Replies

PSA: Umbrella, DNS, and VPN Site to Site tunnels

Lee Dress
Level 1
Level 1

‎11-06-2025 11:25 AM

Hope this helps someone. 

I went through a newly developed issue regarding Site to site tunnels. 

I had to make a new site to site tunnel between two sites. 

I routed all DNS through the tunnel to a DNS server on the other side until I could create a DNS server in the new site. 

I found I could not resolve anything on my domain, but the internet worked. 

I installed Wireshark on the remote site computer and the DNS server in the main site and monitored DNS traffic. 

DNS on the remote computer said it was transmitting to the remote DNS server even had Wireshark replies that said they were from the remote DNS server. The remote DNS server saw NO DNS traffic coming in

long story short, I did not have my local domains excluded from my Umbrella DNS policy in FMC. 

go to Policies / DNS and edit the Default Umbrella DNS Policy 

I added my local domains in the Bypass Domains and DNS traffic properly flows to my local DNS Server. 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents