Description
An internally hosted website must resolve to its local IP address when users access it, so FortiGate needs a static DNS entry in its DNS server database. Users also get their IP addresses from a DHCP server, which is again the FortiGate.
This article describes how to add static DNS entries that resolve internally hosted domains while FortiGate acts as the DHCP server that provides a range of IP addresses to workstations.
Solution
Make sure that DNS Database is enabled in Feature Visibility:
Go to System -> Feature Visibility -> Additional Features -> DNS Database.
The next step is to configure the DNS database server with static DNS entries.
Create a DNS Service on the interface where the users send DNS queries, with the mode set to 'Recursive'.
Next, create the DNS Database and, within it, the static DNS entry.
Once 'OK' is selected, save the DNS settings. The next step is to create the DHCP configuration.
The workstations behind this interface now get an IP address from this DHCP range, along with a DNS server IP that resolves the static entry in the DNS database.
When trying to resolve the domain test.example.com:
The domain resolves to the private IP from FortiGate.
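The GUI steps above correspond to the following FortiOS CLI configuration, added here as an example and not taken from the original article. The interface name (port2), the subnet, the DHCP range and the address of the internal web server are constructed placeholder values; only the domain test.example.com comes from the article.

```fortios
# Added example. port2, 192.168.10.0/24 and 192.168.10.50 are placeholders.

# 1. DNS service on the interface that receives the users' queries.
config system dns-server
    edit "port2"
        set mode recursive
    next
end

# 2. DNS database (zone) with the static entry for the internal site.
#    Older FortiOS releases use "master" instead of "primary" for the type.
config system dns-database
    edit "internal-example"
        set domain "example.com"
        set type primary
        set view shadow
        set authoritative disable
        config dns-entry
            edit 1
                set type A
                set hostname "test"
                set ip 192.168.10.50
            next
        end
    next
end

# 3. DHCP server on the same interface. "dns-service local" hands out the
#    interface IP as the clients' DNS server, so queries reach the database.
config system dhcp server
    edit 1
        set interface "port2"
        set default-gateway 192.168.10.1
        set netmask 255.255.255.0
        set dns-service local
        config ip-range
            edit 1
                set start-ip 192.168.10.100
                set end-ip 192.168.10.200
            next
        end
    next
end
```

Keep the recursive DNS service bound only to the internal interface that serves these DHCP clients, so the resolver and the internal records are not reachable from untrusted networks.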