FortiGate
hpatel_FTNT
Staff
Description
This article provides basic troubleshooting steps to follow when you are not able to access a host by hostname over an IPsec VPN tunnel or SSL VPN connection.

Solution
If you are not able to access resources across the VPN tunnel by hostname, check the following steps:

(1)  Make sure the DNS server is set properly when configuring SSL or IPsec VPN.  In this example, a server named server.abcd.local, which resolves to 10.1.2.3, will be used.

(2)  Make sure that you are able to ping using the IP address: ping 10.1.2.3

(3)  Confirm whether you are able to ping using the FQDN: ping server.abcd.local

(4)  Check whether you are able to ping using the hostname: ping server.  If you are not able to ping by hostname, the DNS suffix needs to be added to the SSL and IPsec VPN configuration.

(5)  Configure the DNS suffix in the SSL and IPsec VPN configuration.

For SSL VPN:
# config vpn ssl settings
(settings) # set dns-suffix abcd.local
(settings) # end

For IPsec VPN:
# config vpn ipsec phase1-interface
(phase1-interface) # edit <VPN TUNNEL>
(VPN TUNNEL) # set domain abcd.local
(VPN TUNNEL) # end

The set domain command is available only when mode-cfg is enabled.
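
The checks in steps (2) to (4) can be run in one pass from the VPN client to see which step fails. The script below is an added example, not part of the original article or of any Fortinet tooling; the function names and verdict strings are hypothetical, and the host, suffix and address are the article's example values.

```python
import socket
import subprocess
import sys

def resolve(name):
    """Return the first IPv4 address the OS resolver gives for name, or None."""
    try:
        return socket.getaddrinfo(name, None, socket.AF_INET)[0][4][0]
    except socket.gaierror:
        return None

def reachable(ip):
    """Send one echo request with the system ping; True if ping exits with 0."""
    count = "-n" if sys.platform.startswith("win") else "-c"
    done = subprocess.run(["ping", count, "1", ip],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0

def diagnose(host, suffix, ip, resolve=resolve, reachable=reachable):
    """Walk the article's steps 2-4 in order; return (verdict, explanation)."""
    if not reachable(ip):
        return "no-ip-connectivity", f"step 2 fails: {ip} does not answer ping"
    fqdn = f"{host}.{suffix}"
    addr = resolve(fqdn)
    if addr is None:
        return "fqdn-unresolved", f"step 3 fails: {fqdn} does not resolve; check the VPN DNS server (step 1)"
    if addr != ip:
        return "fqdn-mismatch", f"{fqdn} resolves to {addr}, expected {ip}"
    addr = resolve(host)
    if addr is None:
        return "suffix-missing", f"step 4 fails: {host} does not resolve; set the DNS suffix {suffix} (step 5)"
    if addr != ip:
        # Extra check beyond the article: the short name resolved, but not to the expected host.
        return "short-name-mismatch", f"{host} resolves to {addr}, expected {ip}"
    return "ok", f"{host} and {fqdn} both resolve to {ip}"

if __name__ == "__main__":
    # Example values from the article; replace with your own host, suffix and address.
    verdict, why = diagnose("server", "abcd.local", "10.1.2.3")
    print(f"{verdict}: {why}")
```

A "suffix-missing" verdict is the case the article addresses: the FQDN resolves over the tunnel but the short name does not until the DNS suffix is configured.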
