Staff

Technical Tip: SSL VPN instance always uses FortiGuard for all endpoints due to custom DNS not set in full-access profile

Forum|Forum|4 months ago
January 22, 2026
0 replies
76 views

Description

This article describes the possible steps to perform if the SSL VPN instance always uses FortiGuard for all endpoints due to the custom DNS not set in the full-access profile.

Scope

FortiSASE.

Solution

User sets up other DNS in the IMPLICIT DNS RULE.

The SSL VPN client is still showing FortiGuard DNS 96.45.45.45 and 96.45.46.46 after changing the implicit DNS setting.

Workaround: Remove dns-servers from vpn-ssl-web-portal.

config vpn ssl web portal
    edit "full-access"
        unset dns-server1
        unset dns-server2
    next
end

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded