When users try to go to the URL of a website (or any other application using the DNS provided by the AppGate Controller) using Windows 7 and 10 clients, the connection fails. Pinging and using 'nslookup' to test the connection between the AppGate Gateway and the internal DNS server shows connectivity and that it is resolving addresses. Testing on the client shows the internal DNS server not responding to pings to its IP address, and an 'nslookup' of one of the internal servers shows that the local adapter's (or some other adapter's) DNS server is being used and is sending back an IP that is not the correct IP of the internal protected server.
Reason
In Windows environments, the client makes a DNS request for an address using whichever connected adapter has the lower index (priority) number. If the name is resolved by the DNS server configured on that adapter, the client uses that address. If the 'Cryptzone TAP Adapter V9' has a lower index number than the local adapter that is connected and has DNS configured, the client sends the DNS request for the address to that DNS server; if it gets a response with an IP, it does not check any other adapter's DNS server. In this case, the local interface's DNS is returning an IP that is not what the internal (configured through AppGate) interface would send.
Resolution
On the client, open the command prompt and enter the command 'netstat -rn'. A table of all the logical interfaces appears with the adapter names. Find the 'Cryptzone TAP Adapter V9' and check the first number on that line in the table, which is its index order. Check whether that number is greater than that of the adapter whose DNS server is being used (to find out which interfaces are in a connected state, use the command 'netsh interface ipv4 show interfaces' and match its index numbers to the index numbers from the 'netstat -rn' table). If that adapter has a lower number than the Cryptzone adapter, the Cryptzone adapter has to be set to a lower number so that all DNS requests go through it first.
To change the order:
Find the index number of the interface that is handling the DNS requests.
Go to Control Panel > All Control Panel Items > Network Connections in Windows 10 or Control Panel > Network and Internet > Network Connections. Find the 'Cryptzone TAP Adapter V9' interface, right-click it and choose Properties. In the window, choose Properties > Internet Protocol Version 4 (TCP/IPv4) > Advanced and change the interface metric to a number lower than that of the interface handling the DNS requests. Click OK on the dialog boxes to complete the changes.
Test to make sure the adapters are handling the DNS requests correctly.
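
The same check and change can be scripted on Windows 10 with the built-in NetAdapter, NetTCPIP and DnsClient cmdlets (these are not available on Windows 7, where the Control Panel steps above apply). The script below is an added example, not part of the original article or of AppGate: the -Fix switch and the test hostname 'intranet.example.internal' are assumptions, and it compares the IPv4 interface metric, the same value the Advanced dialog changes.

```powershell
# Added example: audit which connected adapter wins DNS resolution and,
# with -Fix (elevated prompt), lower the metric of the AppGate TAP adapter.
param(
    [string]$TapDescription = 'Cryptzone TAP Adapter V9*',   # adapter name from the article
    [string]$TestName       = 'intranet.example.internal',   # placeholder internal hostname
    [switch]$Fix                                             # hypothetical switch: apply the change
)

$tap = Get-NetAdapter -InterfaceDescription $TapDescription -ErrorAction Stop |
       Select-Object -First 1

# Connected IPv4 interfaces with their metric and configured DNS servers.
$rows = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
    ForEach-Object {
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex -AddressFamily IPv4).ServerAddresses
        [pscustomobject]@{
            ifIndex    = $_.ifIndex
            Alias      = $_.InterfaceAlias
            Metric     = $_.InterfaceMetric
            DnsServers = $dns -join ', '
        }
    }
$rows | Sort-Object Metric | Format-Table -AutoSize

$tapRow = $rows | Where-Object ifIndex -eq $tap.ifIndex
if (-not $tapRow) { throw 'TAP adapter is not connected; connect the AppGate client first.' }

# Interfaces with DNS configured that are preferred over (or tied with) the TAP adapter.
$competing = $rows | Where-Object {
    $_.ifIndex -ne $tap.ifIndex -and $_.DnsServers -and $_.Metric -le $tapRow.Metric
}

if (-not $competing) {
    Write-Output "OK: TAP adapter (metric $($tapRow.Metric)) is preferred for DNS."
} elseif ($Fix) {
    $lowest = ($competing | Measure-Object Metric -Minimum).Minimum
    $target = [Math]::Max(1, [int]$lowest - 1)   # metric cannot go below 1
    Set-NetIPInterface -InterfaceIndex $tap.ifIndex -InterfaceMetric $target
    Write-Output "TAP adapter metric set to $target."
} else {
    $competing | ForEach-Object { Write-Warning "$($_.Alias) (metric $($_.Metric)) outranks the TAP adapter." }
}

# Verify: the answer should match the address the internal DNS server returns.
Resolve-DnsName -Name $TestName -Type A -ErrorAction SilentlyContinue | Select-Object Name, IPAddress
```

Run it once without -Fix to see the table and any warnings, then again with -Fix from an elevated prompt if another adapter outranks the TAP adapter.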