ManpreetSingh
Article Id 427125
Description This article describes the issue of DNS resolution not working over a remote access IPsec tunnel. It provides a step-by-step guide to resolving the issue by configuring the DNS suffix in the IPsec Phase 1 interface.
Scope FortiGate.
Solution

To resolve the issue of DNS resolution not working over a remote access IPsec tunnel, follow these steps:

  1. Go to VPN -> IPsec -> Phase 1 and edit the existing phase 1 configuration.
  2. In the phase 1 configuration, enable Unity Support and set the Domain to the desired DNS suffix.
  3. The configuration should look like this:


config vpn ipsec phase1-interface
    edit <name>
        set unity-support enable
        set domain <string>
    next
end

 

  4. After making the changes, disconnect and reconnect the VPN client to test the DNS resolution.

 

By following these steps, the DNS suffix will be configured correctly, and DNS resolution should work as expected for short hostnames over the remote access IPsec tunnel.
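
A client-side check for step 4, added here as an example and not part of the original Fortinet article: it resolves one internal host both by its FQDN and by its short name, which separates the missing-suffix case this article fixes from a DNS server that is not reachable over the tunnel. The host name and domain used with it are assumptions; pass your own values.

```python
import socket
import sys


def system_lookup(name):
    """Resolve name with the OS resolver; return sorted addresses, or [] on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except (socket.gaierror, UnicodeError):
        return []
    return sorted({info[4][0] for info in infos})


def diagnose(short_name, suffix, lookup=system_lookup):
    """Compare short-name and FQDN resolution for one internal host.

    suffix is the value configured with 'set domain' on the phase 1 interface.
    lookup is injectable so the logic can be exercised without a live tunnel.
    """
    fqdn = f"{short_name}.{suffix.strip('.')}"
    fqdn_addrs = lookup(fqdn)
    short_addrs = lookup(short_name)
    if not fqdn_addrs:
        # Even the full name fails: DNS server or record problem, not the suffix.
        verdict = "fqdn-fails"
    elif not short_addrs:
        # FQDN works, short name does not: the client has no usable DNS suffix.
        verdict = "suffix-missing"
    elif set(short_addrs) != set(fqdn_addrs):
        # Short name resolved, but to something else (another suffix or name service).
        verdict = "suffix-mismatch"
    else:
        verdict = "ok"
    return {"fqdn": fqdn, "fqdn_addrs": fqdn_addrs,
            "short_addrs": short_addrs, "verdict": verdict}


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_suffix.py <short-hostname> <dns-suffix>")
    result = diagnose(sys.argv[1], sys.argv[2])
    for key, value in result.items():
        print(f"{key}: {value}")
    sys.exit(0 if result["verdict"] == "ok" else 1)
```

Run it once before and once after reconnecting the VPN client: a change from `suffix-missing` to `ok` confirms the pushed domain took effect, while `fqdn-fails` points at the DNS server settings rather than the suffix.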