[IAG] After IAG is installed, intranet users cannot access the Internet – the link load proxy DNS service is connected to the line DNS function.
Problem Description
After the IAG is put into bridge mode, intranet users cannot access the Internet, and direct access is also unavailable.
Effective troubleshooting steps
- The PC ping114 is normal, but ping Baidu cannot be resolved. It is judged that the DNS is abnormal.
- After capturing the packet, we can see that the DNS packet is not forwarded normally after being received by IAG. Instead, it is forwarded by IAG proxy to the DNS service configured on the device. However, the DNS of the device itself cannot be resolved, resulting in network abnormality.
Root cause
Link load – In the advanced settings, the "Proxy DNS service to the line's DNS server" function is enabled
solution
Disable the "Proxy DNS service to the line's DNS server" function, or configure the IAG itself to resolve the domain name properly.
Operation Impact Scope
None
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=23811&isOpen=true