For those of you with Windows DNS Servers, are your forwarding DNS to your Fortigate?

Forum|Forum|8 months ago
October 8, 2025
1 reply
497 views

Hi All,

I am using Windows DNS servers and I initially had it setup to use Google as the external forwarders.

Since all my devices are set to send traffic through my Fortigate, and I had DNS security profile on my firewall policies, I thought that was fine.

However, I recently read a post that said that the Windows DNS server should be set to use the Fortigate as the external forwarding destination, and that the Fortigate should have interface configured under Network > DNS Servers, and then forward to system DNS in order for DNS filtering to work.

Which of these is correct, or best practice? Thanks.

Atul_S

Staff & Editor

Hi Fiona,

Generally, best practice is to have Windows DNS forward to FortiGate, which is configured with internal interfaces and DNS forwarding to system/ISP DNS, and to enable DNS Security in firewall policies. This ensures filtering works as intended.

Thanks,

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded