Fortinet Forum
ncssadmin
New Contributor

redirect dns traffic from inside subnet to external dns

I want to redirect DNS traffic from the subnet (inside, 10.200.180.0/24) to the DNS server (outside, 184.72.238.58). If a client on the 10.200.180.0 network changes the DNS on their machine to any address, like 8.8.8.8, I want that DNS packet to be redirected to 184.72.238.58.


NEXT

I want to redirect DNS traffic from the subnet (inside, 10.200.40.0/24) to the DNS server (outside, 184.222.222.58). If a client on the 10.200.40.0 network changes the DNS on their machine to any address, like 8.8.8.8, I want that DNS packet to be redirected to 184.222.222.58.


LAST

If the machine is on the 10.200.10.0/24 subnet, I want that DNS to go wherever that client's DNS is set. I don't care if it is 8.8.8.8, 4.4.4.4, X.X.X.X; just let it go.


This works on our ASA, but I am new to FortiGate and am having trouble finding a solution. If you can show an example, that would be extremely helpful.


Thanks

SAleff
Yurisk
Valued Contributor

I haven't tested it, but this one should work:


  1. Create a VIP with the external address set to 0.0.0.0 and a filter for the DNS service.
  2. Use it in the LAN -> WAN security rule.

Here port2 is LAN, port1 is WAN, and LAN_10.17. is the LAN address object. Update us on how it goes.

[Screenshot: VIP for DNS service (fortinet-forum-vip1.png)]

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.


All opinions are mine only.
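The reply above is a GUI description; here is the same idea written out as FortiOS CLI for all three subnets in the question. This is an added example, not Yuri's configuration and not what the screenshot shows. It follows the reply's interface roles (port2 = LAN, port1 = WAN); the address and VIP object names, the policy names and their order are assumptions, as is the choice to rewrite UDP/53 only. The prefixes and resolver addresses are the ones from the question.

```fortios
# Added example, not from the original post or screenshot.
# Assumed: port2 = LAN, port1 = WAN (as stated in the reply); object names are made up.

config firewall address
    edit "LAN_10.200.180.0"
        set subnet 10.200.180.0 255.255.255.0
    next
    edit "LAN_10.200.40.0"
        set subnet 10.200.40.0 255.255.255.0
    next
    edit "LAN_10.200.10.0"
        set subnet 10.200.10.0 255.255.255.0
    next
end

# One VIP per target resolver. extip 0.0.0.0 matches any destination, so a client
# that points itself at 8.8.8.8 still matches. extintf is the LAN side because that
# is the interface the client packets arrive on. Only UDP/53 is rewritten here.
config firewall vip
    edit "VIP_DNS_to_184.72.238.58"
        set extip 0.0.0.0
        set extintf "port2"
        set portforward enable
        set protocol udp
        set extport 53
        set mappedip "184.72.238.58"
        set mappedport 53
    next
    edit "VIP_DNS_to_184.222.222.58"
        set extip 0.0.0.0
        set extintf "port2"
        set portforward enable
        set protocol udp
        set extport 53
        set mappedip "184.222.222.58"
        set mappedport 53
    next
end

# Each redirect policy matches only its own source subnet, so 10.200.10.0/24 never
# hits a VIP and falls through to the plain policy at the end, which leaves the
# client's chosen resolver untouched.
config firewall policy
    edit 0
        set name "DNS_redirect_10.200.180"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "LAN_10.200.180.0"
        set dstaddr "VIP_DNS_to_184.72.238.58"
        set action accept
        set schedule "always"
        set service "DNS"
        set nat enable
    next
    edit 0
        set name "DNS_redirect_10.200.40"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "LAN_10.200.40.0"
        set dstaddr "VIP_DNS_to_184.222.222.58"
        set action accept
        set schedule "always"
        set service "DNS"
        set nat enable
    next
    edit 0
        set name "LAN_10.200.10_any_DNS"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "LAN_10.200.10.0"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "DNS"
        set nat enable
    next
end
```

Two caveats a practitioner would want. First, the VIP above only carries `protocol udp`; the "DNS" service object also covers TCP/53, so a TCP query to 8.8.8.8 would not match the VIP and would fall through to whatever later LAN -> WAN policy exists. If TCP/53 should be redirected too, add a second VIP per resolver with `set protocol tcp` and list both in `dstaddr`, or put them in a `config firewall vipgrp`. Second, the reply itself says it was not tested, so confirm the rewrite on the running firmware: send a query from a 10.200.180.0/24 host to 8.8.8.8 and run `diagnose sniffer packet port1 'udp port 53' 4` on the FortiGate; the packets leaving port1 should show 184.72.238.58 as the destination. Note that this only captures classic port 53 DNS; a client using DNS over HTTPS or DNS over TLS (443 or 853) is not caught by it.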