internal URL not resolve of FortiSASE

Forum|Forum|1 year ago
April 17, 2025
3 replies
1437 views

I created DNS rule for access internal domains from clients but not resolving URLs. How can i troubleshoot the issue?

FortiClient

fabs-net

Explorer III

Hi,

you can't really troubleshoot stuff in FortiSASE like we know from onprem FortiGates.

I would first try to sniff for the DNS traffic, which you should see in the IPsec tunnel to your SPA site.
Then maybe also run a debug to see what's happening with this traffic.

I've heard of a Split DNS issue in new SASE instances which occur if you configured the SPA with BGP on loopback, only support can fix this with a workaround.

KR Fabian

Every packet has a journey.

UdaMAuthor

Explorer III

Thank you @fg_muc for your advice. I'll open support case.

UdaMAuthor

Explorer III

Resolved with help of SASE TAC team.. Resolved by

1. Enable NAT on firewall policy

2. Add tunnel IP to the FW policy

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded