FortiGate
btey
Staff & Editor
Article Id 258239
Description: This article describes how to set up the DNS Database (split DNS) for SSL VPN clients, so that tunnel clients resolve internal host names through the FortiGate while other queries stay on the client's normal resolver.
Scope: FortiGate.
Solution

Diagram:

Internet ---- <SSLVPN Connection> ------ [Port1]FortiGate[Port3 IP x.x.3.23]----------Internal

1) Enable 'DNS Database' from Feature Visibility:

[Screenshot: Feature Visibility.PNG]

2) Go to Network -> DNS Server:

[Screenshot: DNS Server.PNG]

3) Under DNS Service on Interface, select 'New' and add port3 and the SSL-VPN tunnel interface (only interfaces listed here will answer DNS queries):

[Screenshot: Internal Interface.PNG]

[Screenshot: SSLVPN Interface.PNG]

[Screenshot: DNS Services Interface.PNG]

4) Go to DNS Database, select 'New' and configure the DNS zone and domain name:

[Screenshot: DNS Zone.PNG]

5) Go to DNS Entries and select 'New':

[Screenshot: DNS Entry.PNG]

6) Select 'OK':

[Screenshot: DNS Zone_ok.PNG]

7) Go to SSL-VPN Portals, select the respective portal and enable 'DNS Split Tunneling':

[Screenshot: Enable Spit DNS.PNG]

8) Under Split DNS, select 'New' and enter the internal domains and the FortiGate port3 interface IP as the DNS server; only queries for these domains are sent through the tunnel:

[Screenshot: SplitDNS.PNG]

9) Create a firewall policy that allows SSL VPN clients to reach the DNS server IP x.x.3.23:

[Screenshot: fw policy.PNG]

10) Connect with FortiClient SSL VPN and test a ping to pc01.labtest.local.

The SSL VPN client can now resolve the domain name from the FortiGate DNS Database:

[Screenshot: DNS resolved.PNG]