FortiGate
vrajendran
Staff
Article Id 191850

Description

 

This article describes how to troubleshoot when a hostname is not accessible over an IPsec VPN tunnel or an SSL VPN connection.

 

Scope

 

FortiGate.

Solution

 

If resources are not accessible across a VPN tunnel by hostname, try the following steps:

 

  1. Make sure the DNS server is set up properly when configuring SSL or IPsec VPN. In this example, a server named server.abcd.local, which resolves to 10.1.2.3, will be used.
  2. Make sure it is possible to ping the IP address 10.1.2.3.
  3. Confirm that ping works using the FQDN: ping server.abcd.local.
  4. Check whether it is possible to ping using the hostname only: ping server. If it is not, add the DNS suffix to the SSL and IPsec VPN configuration.
  5. Configure the DNS suffix in the SSL and IPsec VPN configuration.


For SSL VPN:

 

    config vpn ssl settings
        set dns-suffix abcd.local
    end

 

For IPsec VPN:

 

    config vpn ipsec phase1-interface
        edit <VPN TUNNEL NAME>
            set domain abcd.local
    end

 

Note:
The set domain command will be available only when 'mode-cfg' and 'unity-support' are enabled. These commands are only available when using IKEv1.
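
The client-side checks in steps 2 to 4 can be scripted so that the failing step is identified in one run. The following is an added example, not part of the original article; it assumes a Linux VPN client with iputils ping and a resolv.conf-style resolver file, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: client-side version of steps 2-4 of the article.
# Assumes a Linux client (iputils ping) and a resolv.conf-style resolver file.
# Function names are hypothetical; 10.1.2.3 / server.abcd.local / abcd.local
# are the article's example values.

# has_suffix FILE SUFFIX: succeed if SUFFIX is listed on a "search" or
# "domain" line, i.e. the VPN pushed the DNS suffix to this client.
has_suffix() {
    awk -v want="$2" '
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) found = 1
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# classify IP_RC FQDN_RC SHORT_RC: map the three ping exit codes (0 = reply)
# to the step of the article that needs attention.
classify() {
    if   [ "$1" -ne 0 ]; then echo "reachability"   # step 2 failed: not a DNS issue
    elif [ "$2" -ne 0 ]; then echo "dns-server"     # step 3 failed: revisit step 1
    elif [ "$3" -ne 0 ]; then echo "dns-suffix"     # step 4 failed: apply step 5
    else                      echo "ok"
    fi
}

# check_vpn_names IP FQDN [RESOLV_FILE]: run the pings in the article's order.
check_vpn_names() {
    ip=$1 fqdn=$2 resolv=${3:-/etc/resolv.conf}
    short=${fqdn%%.*}          # server.abcd.local -> server
    suffix=${fqdn#*.}          # server.abcd.local -> abcd.local
    a=0; ping -c 1 -W 2 "$ip"    >/dev/null 2>&1 || a=$?
    b=0; ping -c 1 -W 2 "$fqdn"  >/dev/null 2>&1 || b=$?
    c=0; ping -c 1 -W 2 "$short" >/dev/null 2>&1 || c=$?
    result=$(classify "$a" "$b" "$c")
    echo "result: $result"
    if [ "$result" = "dns-suffix" ] && ! has_suffix "$resolv" "$suffix"; then
        echo "suffix $suffix missing from $resolv: set dns-suffix / set domain on the FortiGate"
    fi
    [ "$result" = "ok" ]
}

# Usage with the article's values:
#   check_vpn_names 10.1.2.3 server.abcd.local
```

A result of dns-suffix together with the "missing" message means the client never received abcd.local as a search domain, which is the case the set dns-suffix and set domain settings above address.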