Split DNS for SSL VPN portals allows to specify which domains are resolved by the DNS server specified by the VPN, while all other domains are resolved by the DNS specified locally.
This article describes this feature.
FortiClient receives this information when the client connects in tunnel mode.
FortiClient will push the DNS servers specified to the client’s computer and all DNS requests will first attempt use this DNS server.
The FortiClient network driver will intercept DNS requests; if they match the split-dns listed, the DNS request will go across the tunnel and be resolved by the specified DNS servers.
If the domain does not match split-dns then the FortiClient network driver will respond to the DNS request with 'no such name' forcing the DNS request to be resolved by the physical adapter DNS.
Add the split DNS Servers IP address in split-tunneling-routing-address in the SSL VPN Web portal and also create the Firewall policy allowing SSL VPN clients to connect to the split-dns servers.
Configure split DNS support for SSLVPN portals from CLI.
Configure split DNS support for SSLVPN portals from GUI.