FortiSASE and Microsoft CDN/FrontDoor DNS

Forum|Forum|1 year ago
June 13, 2025
1 reply
466 views

Has anyone managed to solve a problem with FortiSASE (and it's probably the same with Fortigate) where the Fortiguard DNS lookups for the likes of device.autopatch.microsoft.com will return an IP address that matches another service that's hosted in Azure? Which ends up conflicting with policies when you're trying to create explicit ones for MS services and updates, but then random websites get bundled in...?

FortiClient
FortiGate
FortiGuard
DNS
Security profile

sjoshi

Staff

Hi,

You mean once you connect SASE VPN you will get DNS from the SASE and the domain device.autopatch.microsoft.com is being resolved to the IP another service that's hosted in Azure.

Can you sent snap of nslookup post connecting and before connecting the SASE VPN for that domain

Thanks, Salon

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded