VinayHM
Staff
Article Id 366928
Description: This article describes what to check when an FQDN address object on the FortiGate resolves to the wrong IP address.
Scope: FortiGate.
Solution

First, check the IP address the FortiGate has resolved for the FQDN with the command:

diagnose firewall fqdn list-ip

vfid=0 name=anjumaneshiateali.org ver=IPv4 wait_list=0 timer=6 min_ttl=1261 cache_ttl=0 slot=9 num=1 wildcard=0 rcode=2
162.241.123.49 (ttl=1261:0:0)end

The DNS database can also be viewed with the command below, which shows the resolved IP address of every FQDN:

diagnose test application dnsproxy 7

Running nslookup on the PC for the FQDN anjumaneshiateali.org does not resolve any IP address, while the FortiGate is using a private DNS server.

Solution:

Check against a public DNS server to determine which IP address the FQDN resolves to. Before changing the FortiGate DNS to a public server, clear the DNS cache on the FortiGate with the command:

diagnose test application dnsproxy 1

If the FQDN does not resolve to the correct IP address, traffic to the real destination will not match the FQDN-based policy and will hit the implicit deny policy.
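As an added example (not part of the article), the Python below parses the 'diagnose firewall fqdn list-ip' output shown above and compares the FortiGate's cached addresses with the answer set obtained separately from a public DNS server. The reference address list is an assumption supplied by the caller (for instance from nslookup), and 203.0.113.10 in the usage comment is a constructed placeholder.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample of `diagnose firewall fqdn list-ip` output, in the format
# shown on the page (domain and IP values are the page's own example).
SAMPLE_FQDN_LIST = """\
vfid=0 name=anjumaneshiateali.org ver=IPv4 wait_list=0 timer=6 min_ttl=1261 cache_ttl=0 slot=9 num=1 wildcard=0 rcode=2
162.241.123.49 (ttl=1261:0:0)end
"""

@dataclass
class FqdnEntry:
    name: str
    vfid: int
    rcode: int
    addrs: Dict[str, int] = field(default_factory=dict)  # ip -> remaining ttl

HEADER_RE = re.compile(r"^vfid=(\d+) name=(\S+) .*?rcode=(\d+)")
ADDR_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}) \(ttl=(\d+):")

def parse_fqdn_list(text: str) -> List[FqdnEntry]:
    """Parse `diagnose firewall fqdn list-ip` output into FqdnEntry objects."""
    entries: List[FqdnEntry] = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = FqdnEntry(name=m.group(2), vfid=int(m.group(1)), rcode=int(m.group(3)))
            entries.append(current)
            continue
        if current is not None:
            # Address lines follow the header, e.g. "162.241.123.49 (ttl=1261:0:0)end"
            for ip, ttl in ADDR_RE.findall(line):
                current.addrs[ip] = int(ttl)
    return entries

def compare_resolution(entry: FqdnEntry, reference_ips):
    """Compare the FortiGate's cached answers with a reference resolver's answers.
    Policies built on the FQDN object only match the cached set, so a destination
    missing from it falls through to the implicit deny policy."""
    cached, reference = set(entry.addrs), set(reference_ips)
    if not cached:
        return "unresolved", "FortiGate has no address for the FQDN"
    if cached == reference:
        return "match", sorted(cached)
    return "mismatch", {"cached_only": sorted(cached - reference),
                        "reference_only": sorted(reference - cached)}

# Usage: compare_resolution(parse_fqdn_list(SAMPLE_FQDN_LIST)[0], ["203.0.113.10"])
```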

Note:

If the DNS settings differ, configure the client computer or the FortiGate to use the same DNS server. Then run 'ipconfig /flushdns' to clear the client DNS cache and check whether this fixes the problem.

Related article:

Technical Tip: FortiGate Troubleshooting DNS commands