micant
New Member
May 14, 2023
Solved

Forticlient MAC - DNS not resolving internal hostnames


Probably since Thursday, when our VPN (Forticlient 7.0.7.0245) is connected we have the local DNS assigned, but when trying to access or ping some internal services/servers it doesn't resolve.

Tried using command below and got our local DNS server

scutil --dns | grep 'nameserver\[[0-9]*\]'

When I use nslookup with the hostname, it also does resolve to an IP.

Any ideas what could be wrong?

 

Thanks,

Best answer by srajeswaran

5 replies

AEK
SuperUser
May 14, 2023

I guess scutil --dns shows some DNS servers before the one that was added by the VPN.

If the first DNS server responds with "record not found", then I think the host will not send the request to the remaining DNS servers. It will only send to the second if the first doesn't respond at all (DNS server down).

AEK
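
The ordering AEK describes can be checked from the same `scutil --dns` output that the original post greps. The following is an added example, not part of the thread: it lists the system-wide nameservers in the order they appear and reports where a given server sits. The function names and every address in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: read `scutil --dns` output on stdin and list the nameservers
# of the unscoped (system-wide) resolvers in the order they are listed.
# Output columns: position, resolver id, nameserver address.
list_nameservers() {
  awk '
    /^DNS configuration \(for scoped queries\)/ { exit }  # per-interface resolvers follow; skip them
    /^resolver #/          { res = $2 }
    /nameserver\[[0-9]+\]/ { n++; print n "\t" res "\t" $NF }
  '
}

# Print the 1-based position of address $1 in that list, or 0 if it is not there.
nameserver_rank() {
  list_nameservers | awk -v ip="$1" '
    $3 == ip { print $1; found = 1; exit }
    END      { if (!found) print 0 }
  '
}

# Constructed sample output (all addresses are made up): 192.168.1.1 stands for
# the local router, 10.20.0.53 for the DNS server pushed by the VPN.
sample_scutil() {
  cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 10.20.0.53
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)
  flags    : Scoped, Request A records
EOF
}

# On a Mac: scutil --dns | nameserver_rank <internal DNS address>
sample_scutil | list_nameservers
```

A rank of 0 means the VPN-assigned server is missing from the system-wide resolvers altogether; a rank above 1 means another server is listed ahead of it.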
micant (Author)
New Member
May 18, 2023

We tried different versions of Forticlient (6.4.9.1460, 7.0.7.0245 and 7.2.0.0655) and none of them was working.

Tried to erase all data and settings. Tried to downgrade macOS to Catalina (10.15.7) and it worked, then upgraded to Monterey 12.6.5 and it was working. When upgraded to Ventura 13.3.1 DNS was no longer resolving hostnames.

 

Seems like the issue is macOS version related (macOS Ventura) and hostnames cannot be resolved.

srajeswaran
Staff
May 18, 2023

I believe you are hitting the known issue

863431 On macOS 13, FortiClient does not use internal DNS for SSL VPN tunnel.

https://docs.fortinet.com/document/forticlient/7.2.0/macos-release-notes/124818/known-issues

The fix is expected in upcoming Forticlient versions.

jpfigueira
New Member
August 3, 2023

I had the same issue.

  1. Look for the vpn.plist file (something like this /Library/Application Support/Fortinet/FortiClient/conf/vpn.plist)
  2. Open it (sudo vim "/Library/Application Support/Fortinet/FortiClient/conf/vpn.plist")
  3. Change the property "InheritLocalDNS" from 0 to 1
  4. Save and close

Worked for me. (v7.0.9)

Kefir
Visitor III
March 7, 2024

Thanks bro! You saved my day! 

 

Best! 

mgoswami
Staff
August 3, 2023

Hi,

 

 

Double-check the local DNS server address you have assigned. Make sure it is correct and accessible. You can do this by running the following command in the command prompt or terminal:

 

ifconfig -a

BR,
Manosh
CatInHat
Explorer
March 29, 2024

The problem may be that the VPN server is not forwarding DNS requests for internal services and servers correctly. Check your VPN settings to ensure that DNS queries are correctly forwarded to your local DNS server. It's also worth checking that internal services and servers have the correct DNS records and are accessible through the VPN.