Skip to main content
619Hiker
619Hiker
New Member
January 18, 2021
Question

DNS Unreachable - Fortigate 6.2.7

  • January 18, 2021
  • 1 reply
  • 15720 views

We are replacing a Linksys Router with a Fortigate Fos 6.2.7.

I just want to get NAT up and running so our users can get internet access. Later we will be setting up VPN Groups.

Currently, when we switch our ISP modem over to Fortigate everyone loses their internet access.

The problem I can find is on the DNS GUI both DNS servers (from the ISP) are UNREACHABLE.

I have attached my IPv4 Policy for NAT service.

What am I missing here?

    1 reply

    sw2090
    SuperUser
    sw2090
    SuperUser
    January 19, 2021

    your policy sounds right. 

    what do your clients use as DNS Server?

    If they use the FGT as DNS Server you might need to enable DNS Forwarding for the interface.

     

    Yurisk
    SuperUser
    Yurisk
    SuperUser
    January 19, 2021

    Your policy is way too simple to cause such troubles, look more closely at the connectivity between FOrtigate and ISP modem/IPS network.

     

    [ul]
  • Does your Fortigate get default route once connected to new ISP cable modem ( Monitor -> Routing)?
  • Can you ping the default gateway on the ISP side the Fortigate gets? (CLI -> exe ping <IP ADDRESS of DG>)
  • Can you ping from Fortigate 8.8.8.8 (CLI -> exe ping 8.8.8.8) ?
  • Does your Fortigate resolve domains successfully (CLI -> exe ping google.com) ?[/ul]

     

    • andrewbailey
    andrewbailey
    New Member
    January 19, 2021

    Hi 619Hiker,

     

    As Yurisk has said about- check those basic steps first.

     

    Also, are you using DHCP for clients?

     

    I presume you are (for a small network) in which case how have you set up your DNS servers under the DHCP settings for the interfaces your are using?

     

    If you are specifying the "local interface" or "system DNS" in the DHCP settings then you will also need to add a DNS server to the interface. DNS Services on an interface are not enabled by default. See the 6.2.7 cookbook for details here:-

     

    https://docs.fortinet.com/document/fortigate/6.2.7/cookbook/960561/fortigate-dns-server

     

    I have been caught out with this issue myself in a hurry to bring up a Fortigate so worth reading and understanding this reference perhaps?

     

    Good luck- hope that helps.

     

    Kind Regards,

     

     

    Andy.

    Terms & ConditionsAccessibility statement