unknown1020
Explorer III
September 19, 2023
Question

DNS SSL VPN setting


Good morning friends.
One question: I am currently implementing an SSL VPN on a FortiGate machine.
In the DNS Server option, is it advisable to specify the DNS of the client? Or is it the same as using the "Same as client system dns" option? What would be the advantage of using specific DNS?

3 replies

saneeshpv_FTNT
Staff
September 19, 2023

Hi @unknown1020 ,

 

When you specify "same as client system dns", it will retain the client's existing DNS settings, and FGT will not push the DNS configuration to clients once it is connected to SSL VPN.

 

https://community.fortinet.com/t5/FortiGate/Technical-Note-SSL-VPN-DNS-resolution-using-same-as-client/ta-p/195930

 

If you specify a DNS explicitly, it may help you resolve both internal and external hostnames, which otherwise won't be possible if using a local client-side DNS. Maybe you need to access a resource which is internal to your organization using its FQDN after connecting to the VPN, which won't be possible if you use a client-side DNS.

 

Best Regards,

 

mle2802
Staff
September 19, 2023

Hi @unknown1020,

What is your DNS server on FortiGate? The main difference is that if FortiGate is using public DNS and you need the SSL VPN client to resolve internal DNS, then this cannot be done. In this case you need to point to an internal DNS server for the VPN client to resolve internal FQDNs such as AD service.

Regards,
Minh

hbac
Staff
September 20, 2023

Hi @unknown1020,

 

The DNS option depends on your network requirements. "Same as client system dns" means VPN clients will continue to use their local DNS obtained from their home Wi-Fi/network. In that case, they won't be able to access internal resources behind the FortiGate through the VPN using a domain name (only an IP address will work).

 

If you have a DNS server in your network behind the FortiGate, you can specify it so that users will be able to access internal resources behind the FortiGate through the VPN using a domain name/FQDN. That is an advantage.

 

Regards,