Troubleshooting Tip: Workaround for default configuration item delete
Description
This article explains how to delete a default configuration item that is interfering with normal operation of the device when the FortiGate itself refuses to delete it.
In this case, it concerns a FortiGate sending DNS queries every second for FQDN objects it does not need.
Solution
Issue Observed:
FortiGate (firmware versions 5.6, 6.0 and 6.2) shows high DNS latency/timeouts under System -> Network -> DNS and constantly sends DNS queries for the FQDN objects present in the default configuration, even though they are not used or referenced anywhere in the user configuration.
The FQDN object softwareupdate.vmware.com (and others) is queried by an internal FortiGate process every second, which can overwhelm the DNS server. This can be verified with the built-in sniffer:
diagnose sniffer packet any 'port 53' 6 0 l
Deleting these default FQDN objects is not allowed from the FortiGate GUI or CLI, because the read-only default 'deep-inspection' SSL/SSH profile still references them in its ssl-exempt list.
Normally it is not possible to delete these unwanted FQDN objects under 'config firewall wildcard-fqdn custom', even though they show as unreferenced, because they are part of the default configuration.
The workaround is to remove the unwanted configuration items from a backup of the configuration and restore the edited backup, as detailed below:
1) Backup the configuration of the FortiGate unit from current firmware:
Go to: (Top Right) Admin -> Configuration -> Backup
Save to a location on computer drive.
2) Edit the saved configuration file in a text editor and search for all occurrences of 'softwareupdate.vmware.com'.
Delete it from the SSL/SSH profile first, otherwise the object is still referenced:
Find the section: config firewall ssl-ssh-profile
Look for the profile: edit "deep-inspection"
Delete the ssl-exempt entries that reference 'softwareupdate.vmware.com' (the whole 'edit <n>' ... 'next' block for each one).
Then look under: config firewall wildcard-fqdn custom <----- enter this search text
Delete the 'edit "<name>"' ... 'next' blocks of all the FQDN objects that are not used in the configuration.
3) Save the edited text file as a new backup (keep the unmodified original as well).
4) Upload the edited backup to the FortiGate unit by going to:
Admin -> Configuration -> Restore -> Upload
Select the modified configuration file.
Click 'OK' to upload. The FortiGate reboots to apply the restored configuration.
Run the sniffer capture again; the FortiGate should no longer send queries for the deleted objects.
Note: This workaround should be used with caution and assessed case by case. Before uploading, make sure no firewall policy or other object still references the FQDNs you removed, and keep the unmodified backup so the original configuration can be restored if needed.
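Editing a large backup by hand is error-prone: the object under 'config firewall wildcard-fqdn custom' and every ssl-exempt entry that points at it must both go, and nothing else may still reference the name. The script below does that edit for the procedure above. It is an added example, not Fortinet's code or a Fortinet tool; it assumes the plain-text backup format (config/edit/set lines closed by end/next, indented four spaces per level) and that no value line consists solely of "end" or "next". The SAMPLE configuration is a constructed, trimmed-down imitation of the relevant default sections.

```python
"""Strip unwanted wildcard-FQDN objects from a FortiGate text config backup.

Added example, not Fortinet's code. Assumes the plain-text backup format
(config/edit/set lines closed by end/next, 4-space indents) and that no
value occupies a line that is exactly "end" or "next".
"""
from dataclasses import dataclass, field
from typing import List, Tuple

WILDCARD_TABLE = "firewall wildcard-fqdn custom"
PROFILE_TABLE = "firewall ssl-ssh-profile"

# Constructed sample of the sections involved (not a real device backup).
SAMPLE = """#config-version=FGT60E-6.2.3-FW-build1066-191219:opmode=0:vdom=0:user=admin
config firewall wildcard-fqdn custom
    edit "softwareupdate.vmware.com"
        set wildcard-fqdn "softwareupdate.vmware.com"
    next
    edit "adobe"
        set wildcard-fqdn "*.adobe.com"
    next
end
config firewall ssl-ssh-profile
    edit "deep-inspection"
        set comment "Read-only deep inspection profile."
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
            edit 2
                set type wildcard-fqdn
                set wildcard-fqdn "softwareupdate.vmware.com"
            next
            edit 3
                set type wildcard-fqdn
                set wildcard-fqdn "adobe"
            next
        end
    next
end
"""


@dataclass
class Node:
    kind: str                                  # "root", "config" or "edit"
    name: str                                  # table name or quoted object name
    items: list = field(default_factory=list)  # child Nodes or plain "set ..." lines


def parse(text: str) -> Node:
    """Build a tree of config/edit blocks from the backup text."""
    root = Node("root", "")
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            node = Node("config", line[len("config "):])
            stack[-1].items.append(node)
            stack.append(node)
        elif line.startswith("edit "):
            node = Node("edit", line[len("edit "):])
            stack[-1].items.append(node)
            stack.append(node)
        elif line in ("end", "next"):
            stack.pop()
        elif line:
            stack[-1].items.append(line)
    return root


def dump(node: Node, depth: int = 0, out=None) -> List[str]:
    """Serialise the tree back into FortiOS text with 4-space indents."""
    out = [] if out is None else out
    pad = "    " * depth
    for item in node.items:
        if isinstance(item, Node):
            out.append(f"{pad}{item.kind} {item.name}")
            dump(item, depth + 1, out)
            out.append(pad + ("end" if item.kind == "config" else "next"))
        else:
            out.append(pad + item)
    return out


def strip_fqdn(text: str, names) -> Tuple[str, List[Tuple[str, str]]]:
    """Remove the named wildcard-FQDN objects and every ssl-exempt entry
    (in any ssl-ssh-profile) that points at them. Returns (new_text, removed)."""
    wanted = set(names)
    root = parse(text)
    removed: List[Tuple[str, str]] = []

    def drop(item: Node, parent: Node, ancestors: List[Node]) -> bool:
        if item.kind != "edit":
            return False
        if parent.kind == "config" and parent.name == WILDCARD_TABLE:
            return item.name.strip('"') in wanted          # the object itself
        in_profile = any(a.kind == "config" and a.name == PROFILE_TABLE for a in ancestors)
        if in_profile and parent.kind == "config" and parent.name == "ssl-exempt":
            return any(isinstance(l, str) and l == f'set wildcard-fqdn "{n}"'
                       for l in item.items for n in wanted)  # reference to it
        return False

    def walk(node: Node, ancestors: List[Node]) -> None:
        kept = []
        for item in node.items:
            if isinstance(item, Node):
                if drop(item, node, ancestors):
                    removed.append((node.name, item.name))
                    continue
                walk(item, ancestors + [node])
            kept.append(item)
        node.items = kept

    walk(root, [])
    return "\n".join(dump(root)) + "\n", removed


def remaining_references(text: str, names) -> List[str]:
    """Lines that still mention a name in quotes (e.g. a policy srcaddr);
    check this is empty before uploading the edited backup."""
    return [line.strip() for line in text.splitlines()
            if any(f'"{n}"' in line for n in names)]


if __name__ == "__main__":
    new_text, gone = strip_fqdn(SAMPLE, ["softwareupdate.vmware.com"])
    print("removed:", gone)
    print("still referenced:", remaining_references(new_text, ["softwareupdate.vmware.com"]))
    print(new_text)
```

To use it on a real backup, read the file into strip_fqdn(), write the returned text to a new file, and only upload it if remaining_references() on the result is empty; anything it still lists (for example a firewall policy using the object) has to be cleaned up first or the restore will not apply cleanly.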
