FortiGate
saleha
Staff
Article Id 277180
Description

This article describes how to set a DNS suffix on a single SSL VPN portal instead of adding the suffix to all portals. This option lets the firewall add the DNS suffix to the network adapter settings of clients connected through the FortiClient SSL VPN connection, also known as SSL VPN tunnel mode.

Scope

Adding DNS-Suffix to the network adapter on a connected SSL VPN client through the SSL VPN tunnel configuration on FortiGate.

Solution

The solution is to add the DNS-Suffix under the 'config vpn ssl web portal' options:

config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set web-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set dns-suffix "xxx.yyy.com"
        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    next
end

Note that if DNS-Suffix is configured under both 'vpn ssl settings' and 'vpn ssl web portal' with different values, the suffix installed on the VPN client network adapter is the one configured under the 'web portal' options.
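To audit which suffix each portal actually hands to clients, the precedence rule above can be applied to a configuration backup. The Python script below is an added example, not Fortinet code. It assumes a single-VDOM backup and assumes that a portal without its own dns-suffix falls back to the 'vpn ssl settings' value. The sample configuration and the "contractors" portal are constructed.

```python
import re

# Constructed sample backup (not from a real device); single-VDOM layout assumed.
SAMPLE_CONFIG = """
config vpn ssl settings
    set dns-suffix "corp.example.com"
end
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set dns-suffix "xxx.yyy.com"
    next
    edit "contractors"
        set tunnel-mode enable
    next
end
"""

def effective_dns_suffix(config_text):
    """Return {portal: (suffix, source)} for every SSL VPN portal in the backup."""
    top, depth, portal = None, 0, None
    global_suffix, per_portal = None, {}
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                top = line[len("config "):]
        elif line == "end":
            depth = max(depth - 1, 0)
        elif depth != 1:
            continue  # skip lines outside a block or inside nested tables
        elif line.startswith("edit ") and top == "vpn ssl web portal":
            portal = line[5:].strip().strip('"')
            per_portal[portal] = None
        elif line == "next":
            portal = None
        else:
            m = re.match(r"set\s+dns-suffix\s+(.+)$", line)
            if not m:
                continue
            value = m.group(1).strip().strip('"')
            if top == "vpn ssl settings":
                global_suffix = value
            elif top == "vpn ssl web portal" and portal is not None:
                per_portal[portal] = value
    # Portal value wins over the global one; fallback to global is an assumption.
    return {name: (s, "web portal") if s is not None else (global_suffix, "ssl settings")
            for name, s in per_portal.items()}
```

A portal reported with source "web portal" and a value different from the global one is where clients receive a suffix other than the one set under 'vpn ssl settings'.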

 

Related Articles:

Technical Tip: How to set DNS suffix for VPN SSL and IPsec in the FortiGate configuration

Technical Tip: How to add multiple dns-suffix in SSL VPN setting of FortiGate unit