Mobile Clients use the built-in VPN implementation of the mobile operating systems, which requires configuring a default DNS server. So for iOS, iPadOS, Android, and Chrome, you MUST include a default domain or no DNS settings will be applied. (For example, you could set the default domain to 8.8.8.8, or have a matching domain to some internal server such as 172.10.1.20.)
For more details, see the DNS and name resolution section in the AppGate SDP Admin Guide.
This is an example configuration using an internal DNS server with an IP address of 172.10.1.20.
Access to DNS server
You need to validate that your Gateway (GW) can reach the DNS server you want to use.
Go to Home --> System --> Appliances
Access the designated Appliance that has the Gateway function enabled
Appliance --> Functions --> Secure Tunnel Settings --> Client Tunneling - Allow Destinations
Field | Value |
Address | 172.10.1.20 |
Netmask Length | 32 |
Network Interface | eth0 |
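One way to validate reachability, as an added example that is not part of the original article or of AppGate SDP: send a single DNS query over UDP port 53 to the server and check that a well-formed reply comes back. It assumes you run it from a host that shares the Gateway's network path to 172.10.1.20, and `TEST_NAME` is a placeholder name to replace with a real internal record.

```python
import secrets
import socket
import struct

DNS_SERVER = "172.10.1.20"               # internal DNS server used on this page
DNS_PORT = 53                            # UDP port the DNS Entitlement allows
TEST_NAME = "intranet.example.internal"  # assumption: placeholder, use a real record


def build_query(name, txid):
    """Build a minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(reply, txid):
    """Return (rcode, answer_count); raise ValueError if the reply is not ours."""
    if len(reply) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit not set, not a response")
    return flags & 0x000F, ancount


def check_dns(server=DNS_SERVER, port=DNS_PORT, name=TEST_NAME, timeout=3.0):
    """Send one query over UDP and report whether the server answered."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))  # kernel drops datagrams from other sources
            s.send(build_query(name, txid))
            reply = s.recv(512)
        except OSError as exc:  # timeout, ICMP port unreachable, no route
            return False, f"no reply from {server}:{port}/udp ({exc})"
    try:
        rcode, ancount = parse_header(reply, txid)
    except ValueError as exc:
        return False, f"invalid reply: {exc}"
    # Any well-formed reply, even NXDOMAIN (rcode 3), proves UDP/53 reachability.
    return True, f"rcode={rcode} answers={ancount}"


if __name__ == "__main__":
    ok, detail = check_dns()
    print("reachable" if ok else "UNREACHABLE", detail)
```

A timeout here points at routing or filtering between the host and the DNS server rather than at the DNS Policy, which is only applied on the client side.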
DNS Entitlement
These steps will guide you in creating a new Entitlement to allow UDP access to your DNS server.
Home --> Access -->
Add New
Field | Value |
Name | DNS for Mobile |
Notes | |
Status | Enabled |
Action | |
- Hosts | 172.10.1.20 |
- Protocol | UDP up |
- Ports | 53 |
DNS Policy
These steps will guide you in creating a new DNS Policy to accommodate how mobile devices work.
Home --> Access --> Policies
Add New --> DNS Policy
Field | Value |
Name | DNS for Mobile |
Notes | |
Status | Enabled |
Assignment | os.type is mobile |
DNS Configuration | |
- Match Domain | default |
- DNS Server | 172.10.1.20 |
DNS Entitlement by Name | DNS for Mobile |
The mobile device can support multiple DNS Policies, so if other DNS Policies also apply to the session, the AppGate SDP mobile client can handle that.