Skip to main content
connect555
connect555
New Member
February 4, 2016
Solved

DNS Requests -> Forwarding Proxy

  • February 4, 2016
  • 2 replies
  • 15044 views

Hi, we´re switching from MS FTMG to FortiGate with Explicit Web Proxy and a "Web Proxy Forwarding Server". The MS FTMG sends all DNS-Request to the configured 'Upstream Proxy'. How can i configure this Option on a FortiGate? Opening a Website results in '504 DNS look up failed'. Using a local DNS-Server is not an Option. There is no Webfilter configured.

    Best answer by pavol_jaco

    I have opened ticket for this problem. Guess what... it is normal and as per design :)

    Of coarse this is absolutely wrong design. You dont need to resolve anything via DNS when using proxy. As support said, this is simply not yet implemented feature in FortiOS.

    2 replies

    40netter
    40netter
    New Member
    February 1, 2018
    Does anybody have a solution to this. We have the exact same problem here. Even though the requests are meant to be forwarded to the parent proxies it seems like the Fortigate tries to do dns resolution on the hostnames, which, ofcourse, fails since the internal DNS server only knows about names in the lan. Any way of disabling dns resolution when forwarding requests would be really helpful.
    pavol_jaco
    pavol_jacoAnswer
    New Member
    September 20, 2018

    I have opened ticket for this problem. Guess what... it is normal and as per design :)

    Of coarse this is absolutely wrong design. You dont need to resolve anything via DNS when using proxy. As support said, this is simply not yet implemented feature in FortiOS.

    connect555
    connect555Author
    New Member
    April 22, 2019

    Any update to this behavior?

    FortiOS 6.2? mhmh?

    sw2090
    SuperUser
    sw2090
    SuperUser
    April 24, 2019

    hm you could to two things:

     

    a) set the FGT system DNS to your DNS Proxy. Enable DNS Databse Feature on your FGT and configure a DNS Forwarder on the FGT for the interface you need on.

    b) let DHCP do it for you. Letzt the FGT be DHCP Server on the interface you need and set the DHCP Server to hand out the proxy as DNS to the Clients.

    fida_khan
    fida_khan
    New Member
    July 11, 2021

    Hi All,

     

    has anyone found resolution to this issue? if yes then what was the fix as we are currently having the same issue.

     

    Regards,

    Fida

    sw2090
    SuperUser
    sw2090
    SuperUser
    July 12, 2021

    as said you can use the FGT as DNS Server for your clients and set the FGT to do DNS forwarding to your proxy.

    DNS Forwarding on FortiOS can be configured per interface. The feater in gui is just not enabled by default. So enable "DNS Datbase" in Feature View to have it in gui.

    Terms & ConditionsAccessibility statement