mcdaniels
New Member
September 11, 2017
Question

FortiAP: Manipulate DNS to resolv to internal IP

  • September 11, 2017
  • 1 reply
  • 6500 views

Hi,

is there a possibility to manipulate the DNS lookup for one FQDN (for specific SSIDs) to resolve to an internal address (LAN port)? All other addresses should resolve via public DNS.

The policy works, but I have to manipulate the DNS lookups.

I think I will have to activate the FortiGate DNS server?

I don't want to use the hosts file on the client side.

 

1 reply

ede_pfau
SuperUser
September 11, 2017

hi,

 

if the WiFi clients use the FGT as DNS, there is a "DNS translation" feature for this. Basically, the FGT sniffs for DNS requests to this FQDN and exchanges the resolved address. You'll find it in the CLI reference.

mcdaniels (Author)
New Member
September 11, 2017

Hi,

thanks for your reply.

I solved it that way:

- Activated FortiGate DNS Database
- Set up DNS zone / Primary / Slave / recursive
- Set up Host A entry for internal DNS lookup
- Applied the settings to the SSID in DNS Database settings (DNS Server on Interface -> SSID name)
- Set DNS server IP for the SSID to use the same IP as the interface IP
- Set up a policy from WLAN SSID to LAN (IP of the device I would like to reach via the DNS)

 

Works!
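As an added example (not posted by anyone in this thread), here is roughly what the steps above look like in the FortiOS CLI. The zone name "corp.internal", the host "app", the address 10.0.1.10, the interface names "guest-ssid" and "internal", and the DHCP server ID are placeholders, and the exact option names are assumed from the FortiOS CLI reference rather than copied from the thread.

```text
# Added example: FortiOS CLI equivalent of the steps in the post above.
# All names, IDs and addresses are placeholders, not values from the thread.

# 1. DNS database with a shadow (internal-only) zone and one A record
config system dns-database
    edit "corp-internal"
        set domain "corp.internal"
        set type primary
        set view shadow
        set ttl 300
        config dns-entry
            edit 1
                set type A
                set hostname "app"
                set ip 10.0.1.10
            next
        end
    next
end

# 2. Serve DNS on the SSID interface only; recursive mode forwards
#    everything outside the local zone to the FortiGate's system DNS
config system dns-server
    edit "guest-ssid"
        set mode recursive
    next
end

# 3. Hand the SSID's own interface IP to clients as their DNS server
#    (edit the ID of the SSID's existing DHCP server, see "show system dhcp server")
config system dhcp server
    edit 1
        set interface "guest-ssid"
        set dns-service local
    next
end

# 4. Policy from the SSID to the single LAN host that the name resolves to
config firewall address
    edit "app-server"
        set subnet 10.0.1.10 255.255.255.255
    next
end
config firewall policy
    edit 0
        set name "guest-ssid-to-app"
        set srcintf "guest-ssid"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "app-server"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
```

Two things worth checking after applying this: from a client on the SSID, a lookup of app.corp.internal against the gateway address should return 10.0.1.10 while any public name still resolves normally, and the DNS server should be bound only to the SSID interface (not a WAN interface), so the internal zone is never served to outside queriers. Keeping the view as shadow rather than public gives the same protection on the zone itself.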

ede_pfau
SuperUser
September 11, 2017

Well done. Quite straightforward once it's done, right?