FortiGate
nithincs
Staff & Editor
Article Id 191032

Description

 

This article describes how to configure a single DNS server IP from the GUI.

 

Scope

 

FortiGate.

 

Single DNS configuration while using the IPSEC wizard tool.


DNS configuration in existing IPSEC tunnel.

 

Solution


Edit the VPN tunnel from the CLI.

 

config vpn ipsec phase1-interface
    edit <vpn name>
        set dns-mode manual
        set ipv4-dns-server1 3.3.3.3
        set ipv4-dns-server2 4.4.4.4
    next
end

 

The dial-up VPN client will get 3.3.3.3 as the primary and 4.4.4.4 as the secondary DNS server.

 

Note: The GUI only displays ONE DNS field.

  • This field corresponds solely to the Primary DNS.
  • There is no graphical field for the Secondary DNS.
  • FortiGate supports up to 3 DNS servers configured via CLI:

        set ipv4-dns-server3

 

  • The example above describes a full-tunnel dial-up VPN configuration.

If split tunneling is enabled and internal DNS servers are used, ensure that the configured DNS server IP addresses are included in the accessible (split-tunnel) networks. Otherwise, DNS resolution for internal resources will fail since traffic to the DNS servers will not be routed through the VPN.
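
The split-tunnel caveat above can be checked against a configuration backup. The following Python check is an added example, not part of the original article or Fortinet's tooling: it reports any manually pushed DNS server that lies outside the tunnel's split-include networks. The config excerpt, the tunnel name `dialup` and the object names are constructed, and the parser assumes flat config/edit/set blocks, subnet-type address objects and a single address-group level.

```python
from ipaddress import ip_address, ip_network
import re

# Constructed FortiOS config excerpt; object names and addresses are made up.
SAMPLE_CONFIG = """
config firewall address
    edit "LAN_Servers"
        set subnet 10.10.10.0 255.255.255.0
    next
end
config firewall addrgrp
    edit "VPN_Split"
        set member "LAN_Servers"
    next
end
config vpn ipsec phase1-interface
    edit "dialup"
        set ipv4-split-include "VPN_Split"
        set dns-mode manual
        set ipv4-dns-server1 10.10.10.53
        set ipv4-dns-server2 10.10.30.53
    next
end
"""

def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    tree, section, entry = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tok[0] == "config":
            section, entry = tree.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tree

def unreachable_dns(text, tunnel):
    """Return pushed DNS servers that fall outside the tunnel's split-include networks."""
    cfg = parse(text)
    p1 = cfg["vpn ipsec phase1-interface"][tunnel]
    if "ipv4-split-include" not in p1:
        return []  # full tunnel: DNS traffic is routed through the VPN anyway
    name = p1["ipv4-split-include"][0]
    addrs, groups = cfg.get("firewall address", {}), cfg.get("firewall addrgrp", {})
    members = groups[name]["member"] if name in groups else [name]
    nets = [ip_network("/".join(addrs[m]["subnet"])) for m in members if "subnet" in addrs.get(m, {})]
    dns = [p1[k][0] for k in sorted(p1) if re.fullmatch(r"ipv4-dns-server[1-3]", k)]
    return [d for d in dns if not any(ip_address(d) in n for n in nets)]
```

On the constructed excerpt, `unreachable_dns(SAMPLE_CONFIG, "dialup")` flags 10.10.30.53, which clients would try to reach outside the tunnel.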