FortiClient
btan
Staff & Editor
Article Id 391208
Description This article describes how to resolve the issue when FortiClient iOS cannot resolve internal DNS after connecting to an IPsec VPN.
Scope FortiClient iOS v7.4 and above
Solution

Prerequisite: The steps below apply when internal DNS has already been tested and works on FortiClient Windows, but does not work properly on FortiClient iOS.

 

Sample IPsec VPN configuration:

 

config vpn ipsec phase1-interface
    edit <IKEV2 TUNNEL NAME>
        set ike-version 2
        set type dynamic
        set mode-cfg enable
        set dns-mode manual
        set ipv4-dns-server1 10.10.10.10
    next
end

 

The DNS server configuration above works for FortiClient Windows, but not for FortiClient iOS. Due to iOS limitations, 'set internal-domain-list' is compulsory for FortiClient iOS to resolve internal DNS:

config vpn ipsec phase1-interface
    edit <IKEV2 TUNNEL NAME>
        set ike-version 2
        set type dynamic
        set mode-cfg enable
        set dns-mode manual
        set ipv4-dns-server1 10.10.10.10
        set internal-domain-list domain1.com domain2.com domain3.com <-----
    next
end

 

After configuring 'internal-domain-list', FortiClient iOS can now resolve internal DNS. In this example, it could resolve FQDNs such as abc.domain1.com or companyA.domain2.com.
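
To find tunnels that still need this setting, a FortiGate configuration backup can be audited offline. The script below is an added example, not part of the original article or a Fortinet tool: the tunnel names, the function names and the suffix-matching rule in covered() are assumptions made for illustration.

```python
import re
# Constructed sample of a FortiOS backup; tunnel names are made up.
SAMPLE = '''
config vpn ipsec phase1-interface
    edit "ios-users"
        set type dynamic
        set mode-cfg enable
        set dns-mode manual
        set ipv4-dns-server1 10.10.10.10
    next
    edit "all-users"
        set type dynamic
        set mode-cfg enable
        set dns-mode manual
        set ipv4-dns-server1 10.10.10.10
        set internal-domain-list "domain1.com" "domain2.com"
    next
end
'''

def parse_phase1(text):
    """Return {tunnel: {setting: [values]}} from the phase1-interface section."""
    tunnels, current, depth = {}, None, 0
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if depth == 0:  # outside the section until its header line appears
            depth = int(tok == ["config", "vpn", "ipsec", "phase1-interface"])
        elif tok[0] in ("config", "end"):  # track nested config blocks
            depth += 1 if tok[0] == "config" else -1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            current = tunnels.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = tok[2:]
    return tunnels

def missing_domain_list(tunnels):
    """Dial-up mode-cfg tunnels with manual DNS but no internal-domain-list."""
    return sorted(n for n, s in tunnels.items()
                  if s.get("type") == ["dynamic"] and s.get("mode-cfg") == ["enable"]
                  and s.get("dns-mode") == ["manual"]
                  and not s.get("internal-domain-list"))

def covered(fqdn, domains):
    """Assumed rule: the name equals a listed domain or ends with '.' + domain."""
    name = fqdn.lower().rstrip(".")
    return any(name == d.lower() or name.endswith("." + d.lower()) for d in domains)

if __name__ == "__main__":
    print("no internal-domain-list:", missing_domain_list(parse_phase1(SAMPLE)))
```

Tunnels reported by missing_domain_list() are the ones where iOS clients would hit the problem described in this article; covered() helps confirm that each internal FQDN users need falls under a listed domain.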
