hhasny
Staff
Article Id 258172
Description This article describes why FortiGate forwards DNS queries for blocked or banned domains to the DNS servers.
Scope FortiGate DNS.
Solution

There are instances where the FortiGate sends DNS queries to the configured DNS servers for a blocked or banned domain.

In this example, from the packet sniffer, it is possible to see that the FortiGate is querying the DNS server 10.201.2.41 for bansite.com.


Below is the FortiGate DNS setting:

[Screenshot: fgt-dns-setting.PNG]

Below is the Wireshark output:

[Screenshot: wireshark.PNG]

This is expected behavior if an FQDN address object has been configured on the firewall.

[Screenshot: fqdn object gui.PNG]

[Screenshot: fqdn object.PNG]

The FortiGate will query the DNS server to resolve the configured FQDN.
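
To trace a DNS query seen in the sniffer back to the address object that causes it, the firewall address configuration can be searched for FQDN objects. The following Python script is an added example, not part of the original article or Fortinet tooling; the sample configuration and object names are constructed, and the input is assumed to be the text output of "show firewall address".

```python
import re

# Constructed sample of "show firewall address" output (object names are hypothetical).
SAMPLE_CONFIG = '''\
config firewall address
    edit "internal-net"
        set subnet 10.201.2.0 255.255.255.0
    next
    edit "ban-site"
        set type fqdn
        set fqdn "bansite.com"
    next
    edit "updates"
        set type fqdn
        set fqdn "Update.Example.org"
    next
end
'''

def fqdn_objects(config_text):
    """Return {object_name: fqdn} for every address object of type fqdn."""
    objects, name, attrs = {}, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            # Start of a new address object: reset the collected attributes.
            name, attrs = m.group(1), {}
        elif line.startswith("set ") and name is not None:
            parts = line.split(None, 2)
            if len(parts) == 3:
                attrs[parts[1]] = parts[2].strip('"')
        elif line == "next" and name is not None:
            # End of the object: keep it only if it is an FQDN object.
            if attrs.get("type") == "fqdn" and "fqdn" in attrs:
                objects[name] = attrs["fqdn"].lower()
            name = None
    return objects

def objects_for_query(config_text, queried_name):
    """Names of FQDN objects whose configured FQDN equals the queried DNS name."""
    q = queried_name.rstrip(".").lower()  # DNS names are case-insensitive
    return sorted(n for n, f in fqdn_objects(config_text).items() if f == q)

if __name__ == "__main__":
    print(fqdn_objects(SAMPLE_CONFIG))
    print(objects_for_query(SAMPLE_CONFIG, "bansite.com."))
```

An empty result for a queried name means no FQDN address object in the supplied configuration accounts for that query.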
