FortiGate fails to resolve hostnames when FSSO polling is configured
Description
When FSSO polling is configured on a FortiGate, hostname resolution may fail.
Reason:
The FSSO daemon does not take the domain name from the system DNS settings.
Impact:
When the domain name is not included in DNS queries, excessive requests can be sent.
Scope
Solution
Fortinet recommends configuring the "set default-domain" option when FSSO polling is used.
The default domain is the primary DNS suffix, which is used in DNS name registration and DNS name resolution for domain computers.
It can be set with the "set default-domain" command under "config user fsso-polling".
For example:
config user fsso-polling
    edit 1
        set server "10.10.20.2"
        set ldap-server "LDAP1"
        set default-domain "localdomain.local"
    next
end
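An added example, not Fortinet's code: a Python check that scans a saved FortiGate configuration backup and lists the FSSO polling entries that have no "set default-domain" value. The function name and the sample configuration (including the second server address and the nested adgrp entry) are constructed for illustration.

```python
import shlex

# Constructed sample backup: entry 1 sets default-domain, entry 2 does not.
SAMPLE_CONFIG = '''
config user fsso-polling
    edit 1
        set server "10.10.20.2"
        set ldap-server "LDAP1"
        set default-domain "localdomain.local"
    next
    edit 2
        set server "10.10.20.3"
        set ldap-server "LDAP1"
        config adgrp
            edit "LOCALDOMAIN/Domain Users"
            next
        end
    next
end
'''

def fsso_polling_missing_default_domain(config_text):
    """Return IDs of fsso-polling entries with no (or an empty) default-domain."""
    missing, depth, entry, has_domain = [], 0, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:                      # outside the fsso-polling table
            depth = 1 if line == "config user fsso-polling" else 0
        elif line.startswith("config "):    # nested table inside an entry
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth != 1:                    # ignore lines of nested tables
            continue
        elif line.startswith("edit "):
            entry, has_domain = line.split(None, 1)[1].strip('"'), False
        elif line == "next":
            if entry is not None and not has_domain:
                missing.append(entry)
            entry = None
        elif line.startswith("set default-domain"):
            value = shlex.split(line)[2:]
            has_domain = bool(value and value[0])
    return missing

if __name__ == "__main__":
    for entry_id in fsso_polling_missing_default_domain(SAMPLE_CONFIG):
        print(f"fsso-polling entry {entry_id}: default-domain is not set")
```

An entry whose default-domain is set to an empty string is reported the same way as one where the line is absent.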
