Lionfresh
New Member
April 23, 2018
Question

DNS


Hello, I have an issue with a FortiGate 30D that's located at a remote office.

Situation:

One FortiGate 60D at HQ with internet con1

One FortiGate 30D with internet con2

VPN connection between the two offices

DNS server is at HQ

Problem: each time the internet gets disconnected at HQ, the branch office also loses connection. My bet is that it is because there is no DNS server at Branch to resolve addresses, so the branch cannot browse.

 

Grateful if anyone can help in resolving this issue.

 

    1 reply

    ede_pfau
    SuperUser
    April 23, 2018

    hi,

     

    depends on the branch config:

    - what is specified for 'system DNS'?

    - where does the route to the system DNS point to - the local internet breakout, or the remote LAN behind the tunnel?

    - how is the remote gateway for the VPN identified - via FQDN or IP address?

    Lionfresh
    Author
    New Member
    April 23, 2018

    Hi ede_pfau, thanks for your quick response. To answer your questions:

    - what is specified for 'system DNS'?  DNS on FortiGate 30D are Primary (HQ DNS server), Secondary (public Google DNS)

    - where does the route to the system DNS point to - the local internet breakout, or the remote LAN behind the tunnel?  Primary (HQ DNS server), Secondary (public Google DNS)

    - how is the remote gateway for the VPN identified - via FQDN or IP address? Via IP address

     

    emnoc
    New Member
    April 23, 2018

    I would use diag debug flow for the GOOG DNS and see if you have 1> a firewall policy and 2> ensure the route is active during the outage at the HQ. Sounds like your firewall policy might be missing or some other issues.

     

    # a quick check is to scan thru the cfg

    #

    show full | grep -f  8.8.x.x
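
The checks suggested in the replies above, written out as a FortiOS CLI session for the branch 30D. This is an added example, not part of any post in the thread; it assumes the secondary DNS is 8.8.8.8 and a FortiOS build that supports these `diagnose debug flow` options. Lines starting with `#` are annotations and are not typed.

```fortios
# 1. Confirm what the unit itself uses as system DNS
get system dns

# 2. While HQ is offline, check which route is selected for the public resolver.
#    It should leave via the local internet breakout, not the VPN tunnel interface.
get router info routing-table details 8.8.8.8

# 3. Trace DNS packets towards the public resolver
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr 8.8.8.8
diagnose debug flow filter port 53
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable

# 4. From a branch client, run a lookup against 8.8.8.8 (for example with nslookup),
#    then read the trace:
#    - "find a route: ... via <interface>"  shows the egress interface chosen
#    - "Allowed by Policy-<id>"             a firewall policy matched the DNS traffic
#    - "Denied by forward policy check"     no LAN-to-WAN policy permits DNS

# 5. Stop and clean up the debug session
diagnose debug flow trace stop
diagnose debug disable
diagnose debug reset
```

If the trace stays empty during the lookup, the clients are not sending queries to the public resolver at all, which points at the DNS settings handed to the clients rather than at the firewall policy or route.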