MacFort
New Member
April 18, 2023
Question

100F - GPOs not applying on remote site


Hello

I am not very knowledgeable Re: router configs

Just want to understand an issue we have.

Just applied a GPO on our internal LAN, but apparently the PCs that connect to us via VPN do not get it applied. All the VPN config was set up by the vendor. I believe I am referring to PCs which connect via site-to-site VPN to our main office.

Not sure if it could be a DNS issue, which brings me to something I would like to be clear on:

What is the difference (or use of) the Network/DNS settings vs the Network/Interface settings?

In the former we have the default DNS servers; in the latter we specified the internal LAN DNS servers.

Thank you 

 

1 reply

gfleming
Staff
April 19, 2023

You'll need to use your AD DNS servers for remote VPN clients if you want them to get GPO updates.

 

You can either use DNS Split Tunneling or better yet just configure the DNS servers in the VPN Client settings. You'll also likely need to add your domain suffix in the CLI as well:

 

config vpn ssl settings
    set dns-suffix 'yourdomain.com'
end

MacFort (Author)
New Member
April 19, 2023

Thank you for replying!

I will try that. Could you please tell me what the difference is in configuring DNS settings in Network/DNS vs Network/Interface? Or when one is used vs the other?

Thank you 

 

gfleming
Staff
April 19, 2023

Network -> DNS:

 

Tells the FortiGate which DNS servers to use for its own connectivity (i.e. reaching FortiGuard servers, etc.), or for endpoints using the FortiGate as a DNS resolver (configured in Network -> DNS Servers).

 

Network/Interface:

I'm not too sure what you're referring to here. Perhaps the DNS server configured under the DHCP Server settings on the Interface? In this case, it's the DNS server assigned to endpoints that are using DHCP to get an IP address from the FortiGate.
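
One way to confirm from an affected remote PC that DNS is what stops the GPO from applying, covering both replies above (AD DNS for VPN clients, and the DNS servers handed out to endpoints). This is an added example, not part of the original thread; it assumes a domain-joined Windows client with the VPN connected, and `yourdomain.com` is the same placeholder used in the reply.

```powershell
# Added example. Assumptions: run on an affected, domain-joined remote PC with
# the VPN up; 'yourdomain.com' is a placeholder for the AD DNS domain name.
$Domain = 'yourdomain.com'

# 1. DNS servers the client actually received (DHCP- or VPN-assigned).
#    These need to be the AD DNS servers, not public resolvers.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. The DC locator SRV record is normally published only in the internal AD
#    DNS zone, so a failure here points at the client's DNS server settings.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $dcs = Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction Stop |
        Where-Object { $_.NameTarget } |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Warning "Cannot resolve ${srvName}: $($_.Exception.Message)"
    Write-Warning 'Client is not using the AD DNS servers; Group Policy cannot locate a DC.'
    return
}

# 3. Group Policy reads the GPO from the DC over LDAP (389) and from SYSVOL
#    over SMB (445); both must be allowed through the VPN firewall policy.
foreach ($dc in $dcs) {
    foreach ($port in 389, 445) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        '{0,-40} tcp/{1,-4} reachable={2}' -f $dc, $port, $r.TcpTestSucceeded
    }
}

# 4. Ask the DC locator directly, then refresh policy and list what applied.
nltest "/dsgetdc:$Domain"
gpupdate /force
gpresult /r
```

If step 2 fails, the fix is on the DNS side (the servers assigned to the remote clients); if step 2 succeeds but step 3 shows ports unreachable, look at the firewall policy on the VPN path instead.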