Description | This article explains why the DNS page on FortiOS commonly shows high latency values or even an unreachable status while users experience no issues browsing websites or using hostnames or FQDNs (Fully Qualified Domain Names) for different types of traffic. |
Scope | FortiGate - DNS. |
Solution |
One of the common reasons for this issue is that the FortiGate admin has configured multiple FQDN address objects for URLs or hostnames that do not exist anymore, or that may exist but are not used in any firewall policy.
In these cases, FortiOS still queries those hostnames even though they are not referenced in any other configuration, which causes additional load on the process and leads to higher latency. An easy solution is to delete the FQDN address objects that are no longer in use.
Another possible scenario is internal hosts or devices behind the firewall sending DNS queries for hostnames that do not exist or cannot be resolved, which causes the FortiGate to query these domain names, such as example.com, mymail.somecollege.edu, etc. In these cases, a closer look at why the internal hosts are sending these queries is necessary, even if only from a security point of view. |
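One way to find the candidates for deletion is to scan a configuration backup for FQDN address objects that no other section refers to. The script below is an added example, not Fortinet code: the object names and the sample configuration are constructed, and it assumes object names appear double-quoted, as they do in a backup file. An object that is only a member of an address group counts as referenced, so review groups separately.

```python
import re
# Constructed sample in FortiOS backup syntax (not taken from the article).
SAMPLE_CONFIG = """\
config firewall address
    edit "web-portal"
        set type fqdn
        set fqdn "portal.example.com"
    next
    edit "old-mail"
        set type fqdn
        set fqdn "mymail.somecollege.edu"
    next
    edit "partner-api"
        set type fqdn
        set fqdn "api.partner.example"
    next
end
config firewall addrgrp
    edit "partners"
        set member "partner-api"
    next
end
config firewall policy
    edit 1
        set dstaddr "web-portal" "partners"
    next
end
"""

def unused_fqdn_objects(config_text):
    """Return {object name: fqdn} for FQDN objects never named in a 'set' line elsewhere."""
    fqdns, referenced, stack, current = {}, set(), [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        in_addr = "firewall address" in stack  # inside the address table?
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("edit ") and stack[-1:] == ["firewall address"]:
            current = line[5:].strip().strip('"')
        elif line.startswith("set fqdn ") and in_addr and current:
            fqdns[current] = line[len("set fqdn "):].strip('"')
        elif line.startswith("set ") and not in_addr:
            # Any quoted token outside the address table counts as a reference.
            referenced.update(re.findall(r'"([^"]+)"', line))
    return {name: fqdn for name, fqdn in fqdns.items() if name not in referenced}

if __name__ == "__main__":
    print(unused_fqdn_objects(SAMPLE_CONFIG))
```

Run it against an exported configuration file by passing the file's text to `unused_fqdn_objects`, and confirm each reported object on the device before deleting it.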
Copyright 2024 Fortinet, Inc. All Rights Reserved.