Help
FortiSASE
FortiSASE delivers both a consistent security posture and an optimal user experience for users working from anywhere. Secure your hybrid workforce by closing security gaps, plus simplify operations.
tonylin1
Staff
Staff

Created on ‎01-22-2026 01:30 AM Edited on ‎01-22-2026 01:37 AM By Community Manager

Article Id 427132

Technical Tip: SSL VPN instance always uses FortiGuard for all endpoints due to custom DNS not set in full-access profile

Description This article describes the possible steps to perform if the SSL VPN instance always uses FortiGuard for all endpoints due to the custom DNS not set in the full-access profile.
Scope FortiSASE.
Solution
  1. User sets up other DNS in the IMPLICIT DNS RULE.

 

DNSsetting.png

 

  1. The SSL VPN client is still showing FortiGuard DNS 96.45.45.45 and 96.45.46.46 after changing the implicit DNS setting.

 

userDNS.png

 

  1. Workaround: Remove dns-servers from vpn-ssl-web-portal.

     

 

config vpn ssl web portal
    edit "full-access"
        unset dns-server1
        unset dns-server2
    next
end
16
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.