We are about to embark on a large-scale rollout of SSG20s for a homeworking project. The firewalls will establish a VPN tunnel back to the corporate network over ADSL. Everything seems to be looking good in the trials apart from DNS. The DHCP server on the Trusted interface has our private DNS settings set, but when the devices are rebooted, these are overwritten by the ADSL DNS settings.
The settings on the devices for the DHCP server are as follows (with some edited for security):
set interface ethernet0/0 dhcp server enable
set interface ethernet0/0 dhcp server option lease 1440
set interface ethernet0/0 dhcp server option gateway 10.1.1.1
set interface ethernet0/0 dhcp server option netmask 255.255.255.248
set interface ethernet0/0 dhcp server option domainname ourdomain.co.uk
set interface ethernet0/0 dhcp server option dns1 195.8.162.82
set interface ethernet0/0 dhcp server option dns2 195.8.160.64
set interface ethernet0/0 dhcp server option custom 129 ip 10.1.1.1
set interface ethernet0/0 dhcp server option custom 128 string "*******"
set interface ethernet0/0 dhcp server ip 10.1.1.2 to 10.1.1.5
unset interface ethernet0/0 dhcp server config next-server-ip
unset interface ethernet0/0 dhcp server config updatable
This is the output from a device that is already ADSL connected, and you can see the public DNS servers have been set. If I had booted this without being connected to ADSL, the DNS servers would be our private DNS addresses as I'd expect.
It is my understanding that the last two lines of this config are required to stop this update happening, but they don't seem to be working. Any ideas what I'm doing wrong? It makes no difference if the last two lines are in or not; the problem still happens.