Staff

Technical Tip: Difference between FortiSASE custom DNS settings in public mode and private mode.

Forum|Forum|2 months ago
March 26, 2026
0 replies
94 views

Description

This article describes the difference between public and private mode in FortiSASE DNS settings.

Scope

FortiSASE.

Solution

In FortiSASE, there are two kinds of custom DNS settings:

Address type	Description
Public address	The backend PoP will send the DNS enquiry from the WAN port.
Private address	For local DNS, where the DNS servers are on-prem through the SPA tunnel.

In the private address type, the PoP will force the DNS enquiry over the SDWAN interfaces and use the source IP as loopback if the tunnel uses BGP on loopback. In this case, the DNS will fail if it is set to public.

Additionally, make sure the DNS server supports TLS(TCP/853) if select TLS(TCP/853) in the DNS protocols.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded