Help
FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
sachitdas_FTNT
Staff
Staff

Created on ‎08-28-2024 03:18 AM

Article Id 337017

Troubleshooting Tip: dnsfilter-profile on FortiGate causing FortiSwitches showing offline

Description This article describes the case when FortiSwitches show offline due to the dnsfilter-profile configuration.
Scope FortiGate and FortiSwitch versions 6.4.x, 7.0.x.
Solution

FortiSwitches may show offline on FortiGate after FortiGate or FortiSwitches reboot due to the below configuration on the FortiGate:

 

config system dns-server
    edit "fortilink"
        set mode forward-only
        set dnsfilter-profile "xxxxx" <---
        set doh disable
end

 

Adding the DNS filter allows FortiGate to check the DNS queries (made by the FortiSwitch) against FortiGuard and block those that match a blocked category.

 

Solution:

Remove dns-filter default profile in the DNS server config as it could block some capwap packets sent out of FortiGate.

 

config system dns-server
    edit "fortilink"
        unset dnsfilter-profile
end
349
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.