systemgeek
Visitor III
May 21, 2025
Solved

DNS Service on interface to improve ZTNA

  • May 21, 2025
  • 1 reply
  • 719 views

Running Fortigate 7.6.2.  I would like to set up Shadow DNS server to improve ZTNA proxy queries for a *.example.net proxy.  All possible matches for *.example.net can be looked up via our AD DNS servers inside our network.  So my question is should I put the DNS service on the WAN interface or should it be on the LAN interface?


The ZTNA users are on the WAN side.  The AD DNS servers are on the LAN side.

Best answer by AEK

Not on the WAN interface. That will turn it into a public DNS server.

On the other hand, as per my experience it is not possible to access a FG resource via ZTNA when this FG is the ZTNA server.

https://community.fortinet.com/t5/Support-Forum/Access-FGT-WebUI-through-ZTNA/td-p/335643

If this is confirmed, then the solution would be to use a separate internal DNS server, like configuring a DNS server on a new VM.
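To make the "not on the WAN interface" point concrete, here is an added FortiOS CLI example that is not part of the thread or of Fortinet's documentation. It places the DNS service on the LAN-side interface only and defines a shadow zone for example.net; the interface names "port1" (WAN) and "port2" (LAN), the AD DNS address 10.0.0.53 and the host record are assumptions chosen for illustration.

```fortios
# Added example, not from the thread. Interface names, addresses and the
# host record are assumptions.

# Weak: binding the DNS service to the WAN-facing interface answers
# queries from anyone on the Internet, i.e. an open resolver.
config system dns-server
    edit "port1"
        set mode recursive
    next
end

# Corrected: bind the service only to the LAN-facing interface, so the
# shadow zone is reachable from inside and never from the WAN.
config system dns-server
    edit "port2"
        set mode recursive
    next
end

# Shadow zone for example.net, answered only to internal clients.
config system dns-database
    edit "example-net-shadow"
        set domain "example.net"
        set type primary
        set view shadow
        set ttl 300
        config dns-entry
            edit 1
                set type A
                set hostname "app"
                set ip 10.0.0.10
            next
        end
    next
end

# Point the FortiGate's own resolver at the AD DNS servers (assumed
# address) so recursive lookups for other internal names stay inside.
config system dns
    set primary 10.0.0.53
end
```

After applying the LAN-only binding, confirm from a vantage point outside the network that the WAN address does not answer UDP/TCP 53 at all, and from an internal host that names under example.net resolve through the FortiGate; the difference between those two results is exactly what separates an internal shadow zone from a public resolver.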
