DaveRattenbury
New Member
August 8, 2024
Question

Issue between Fortigate Firewall DHCP and Windows DNS


Hi All,

So we have a strange problem. We recently started testing Entra Only computers (we use hybrid AD computers currently).

In our old setup:

Computers connected to LAN - IP address updated in DNS

Computers connected via SSL VPN (FortiGate) - IP address updated in DNS

In our new setup:

Computers connected to LAN - IP address updated in DNS

Computers connected via SSL VPN (FortiGate) - IP address NOT updated in DNS

I cannot work out why. I have checked the following.

DNS will accept dynamic updates

The FortiGate SSL network adapter is set to register with DNS and the correct servers.

Any ideas what else could be causing this? As we move forward with the rollout of Entra / Azure AD computers, this will become more of a problem.

Thanks


DaveRattenbury
New Member
August 8, 2024

Hi @alicejeans

Thanks for your reply.

VPN Adapter Configuration: Ensure the FortiGate VPN adapter is configured to register DNS updates correctly. - It is


DNS Registration Settings: Verify that the VPN clients are configured to update DNS records. Sometimes, specific settings or policies might prevent updates from being sent.

I can't see any policy on any of these Entra PCs.


Network Configuration: Check if there are any specific firewall rules or network settings on the FortiGate that might be blocking or interfering with DNS update requests.

This is the only area I am not sure on. Though, to be fair, we cannot see anything blocked on the FortiAnalyzer.


DNS Server Logs: Review DNS server logs to see if there are any errors or blocked update attempts.

Cannot see anything on the DNS server to indicate any problems.

As I said in my original post it works absolutely fine for Hybrid devices (on-prem AD) but not for Azure only devices.

hbac
Staff
August 8, 2024

Hi @DaveRattenbury,


Please check the firewall policy on FortiGate and make sure there is no inspection for traffic from SSLVPN clients to the DNS server. I assume SSLVPN client computers are domain joined with Azure AD? You can also take packet captures for more information. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Packet-Capture-on-FortiOS-GUI/ta-p/194444

Regards,
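On the packet-capture suggestion above: when reading such a capture, the useful distinction is between a client's DNS UPDATE that never gets an answer (something in the path dropped it) and one the server answered with REFUSED or NOTAUTH (it arrived and was declined). The following is an added example, not code from any poster here or from Fortinet: a minimal pure-Python triage that parses DNS message headers and pairs UPDATE requests with their responses by transaction ID. The messages and the zone name corp.example are constructed inline, not taken from a real capture.

```python
import struct

OPCODES = {0: "QUERY", 4: "NOTIFY", 5: "UPDATE"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP",
          5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET", 8: "NXRRSET", 9: "NOTAUTH", 10: "NOTZONE"}

def parse_name(msg, off):
    """Decode an uncompressed name at msg[off]; the first name in a message is never a pointer."""
    labels = []
    while msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_dns_header(msg):
    """Return the fields of the 12-byte DNS header that matter for triage."""
    txid, flags, zocount, _, _, _ = struct.unpack("!6H", msg[:12])
    info = {"id": txid, "response": bool(flags & 0x8000),
            "opcode": OPCODES.get((flags >> 11) & 0xF, "?"),
            "rcode": RCODES.get(flags & 0xF, "?"), "zone": None}
    if zocount:                      # zone (UPDATE) or question (QUERY) name follows the header
        info["zone"], _ = parse_name(msg, 12)
    return info

def triage_updates(messages):
    """Pair UPDATE requests with responses by transaction ID.  "NO RESPONSE" points at the
    network path; an RCODE such as REFUSED/NOTAUTH means the server saw the update and declined."""
    results = {}
    for msg in messages:
        h = parse_dns_header(msg)
        if h["opcode"] != "UPDATE":
            continue
        # a response overwrites the pending entry; a request only creates one if none exists yet
        results[h["id"]] = h["rcode"] if h["response"] else results.get(h["id"], "NO RESPONSE")
    return results

def build_msg(txid, zone, opcode=5, response=False, rcode=0):
    """Constructed sample message: header plus one zone/question entry (SOA, IN), not a real capture."""
    flags = (0x8000 if response else 0) | (opcode << 11) | rcode
    name = b"".join(bytes([len(l)]) + l.encode() for l in zone.split(".")) + b"\x00"
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + name + struct.pack("!HH", 6, 1)

SAMPLE = [  # constructed: one update answered OK, one refused, one never answered, one plain query
    build_msg(0x1001, "corp.example"), build_msg(0x1001, "corp.example", response=True),
    build_msg(0x1002, "corp.example"), build_msg(0x1002, "corp.example", response=True, rcode=5),
    build_msg(0x1003, "corp.example"), build_msg(0x1004, "corp.example", opcode=0),
]

if __name__ == "__main__":
    for txid, outcome in sorted(triage_updates(SAMPLE).items()):
        print(f"update 0x{txid:04x}: {outcome}")
```

To use it on a real capture, feed the UDP payloads of the port 53 packets between the VPN client and the DNS server into triage_updates in capture order.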

cc92
Visitor III
September 12, 2024

Hi @DaveRattenbury

Have you tried this:


Configure DDNS update override in FortiGa... - Fortinet Community