This article describes how to set up a custom DNS hosted zone on AWS (Amazon Route 53) and how to make a FortiGate (FGT) use the AWS DNS resolver to resolve hostnames in that zone.
Port1: External (public) interface, connected to the Internet.
Port2: Internal (private) interface, connected to the private network.
Two subnets are needed for the lab (one public, one private; any Availability Zone may be used).
Windows servers are placed in the private subnet.
Two route tables are needed for the lab: one for the public subnet and one for the private subnet.
This article assumes the VPC, subnets (with their subnet associations), route tables and Internet Gateway have already been created and attached to the corresponding entities; see the following reference for how to create them:
To create a hosted zone for 'fortinet.com' on Amazon Route 53, follow the link below:
When creating the hosted zone, select the region and the VPC it is to be associated with (this makes it a private hosted zone, visible only to resolvers inside that VPC).
In Amazon Web Services (AWS), a DHCP option set can be configured for a Virtual Private Cloud (VPC) to hand network configuration settings to instances when they start. A DHCP option set can include settings such as domain name servers, NTP (Network Time Protocol) servers and the domain name.
Go to VPC -> DHCP option sets, create a new DHCP option set and associate it with the VPC.
Make sure AmazonProvidedDNS is used as the domain name server, so that instances (including the FortiGate) receive the Amazon-provided VPC resolver rather than a DNS server of their own:
Once the FortiGate instance is running, disable 'Override internal DNS' on port1 (CLI: 'set dns-server-override disable' under 'config system interface') and set the FortiGate system DNS servers to the FortiGuard servers. In this state the FortiGate ignores the DNS server handed out by AWS DHCP and resolves names through FortiGuard, which cannot see records in the private hosted zone:
Enabling 'Override internal DNS' on any DHCP-addressed interface in this VPC instead sends all DNS requests from the FortiGate to the AWS DNS server supplied by the DHCP option set (AmazonProvidedDNS, the Route 53 Resolver at the VPC network address plus two), which does resolve names in the private hosted zone.
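The steps above as a script, added here as an example and not part of the original article: the AWS side is expressed as AWS CLI calls, and the FortiGate side as the CLI equivalent of the GUI setting, with the FortiGuard state and the AWS DNS state selectable by argument. The region us-east-1, the VPC ID, the record 'win1' with address 10.0.2.10 and the FortiGuard DNS addresses 96.45.45.45 / 96.45.46.46 are assumptions; port1 is assumed to use DHCP addressing. Setting AWS=echo prints the AWS calls instead of running them.

```shell
#!/bin/sh
# Added example (not from the original article). Placeholders: region, VPC ID,
# host name and address. AWS=echo previews the calls without credentials.
AWS="${AWS:-aws}"
ZONE_NAME="fortinet.com"
REGION="${REGION:-us-east-1}"                 # assumption: any region works
VPC_ID="${VPC_ID:-vpc-0123456789abcdef0}"     # placeholder VPC ID

# Step 1: private hosted zone for fortinet.com, associated with the VPC/region.
create_private_zone() {
    $AWS route53 create-hosted-zone \
        --name "$ZONE_NAME" \
        --caller-reference "fgt-lab-$(date +%s)" \
        --vpc "VPCRegion=$REGION,VPCId=$VPC_ID" \
        --hosted-zone-config "Comment=FGT lab,PrivateZone=true"
}

# Step 2: an A record in the zone (zone ID, host and address are arguments).
upsert_a_record() {
    zone_id="$1"; host="$2"; ip="$3"
    $AWS route53 change-resource-record-sets \
        --hosted-zone-id "$zone_id" \
        --change-batch "{\"Changes\":[{\"Action\":\"UPSERT\",\"ResourceRecordSet\":{\"Name\":\"$host.$ZONE_NAME\",\"Type\":\"A\",\"TTL\":300,\"ResourceRecords\":[{\"Value\":\"$ip\"}]}}]}"
}

# Step 3: DHCP option set handing out AmazonProvidedDNS (the VPC resolver)
# and the lab domain name, then attach it to the VPC.
create_dhcp_options() {
    $AWS ec2 create-dhcp-options \
        --dhcp-configurations \
            "Key=domain-name-servers,Values=AmazonProvidedDNS" \
            "Key=domain-name,Values=$ZONE_NAME"
}

associate_dhcp_options() {
    $AWS ec2 associate-dhcp-options --dhcp-options-id "$1" --vpc-id "$VPC_ID"
}

# Step 4: FortiGate CLI to paste into the console. With dns-server-override
# disabled on port1 the FortiGate ignores the DHCP-supplied resolver and uses
# the FortiGuard servers, which cannot see the private zone; with it enabled,
# DNS queries go to the VPC resolver and names in fortinet.com resolve.
fortigate_dns_config() {
    override="$1"   # enable | disable
    case "$override" in
        enable|disable) ;;
        *) echo "usage: fortigate_dns_config enable|disable" >&2; return 1 ;;
    esac
    cat <<EOF
config system interface
    edit "port1"
        set dns-server-override $override
    next
end
config system dns
    set primary 96.45.45.45
    set secondary 96.45.46.46
end
EOF
}

# Typical order (zone ID and option-set ID come from the create-* output):
#   create_private_zone
#   upsert_a_record Z0123456789EXAMPLE win1 10.0.2.10
#   create_dhcp_options && associate_dhcp_options dopt-0123456789abcdef0
#   fortigate_dns_config enable      # paste the output into the FortiGate CLI
```

The AWS calls are left in functions rather than run at the top level so the file can be sourced and the individual steps invoked once the IDs from the previous step are known; 'fortigate_dns_config disable' reproduces the FortiGuard-only state described above for comparison.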