Hello
I am not very knowledgeable Re: router configs
Just want to understand an issue we have.
Just applied a GPO on our internal LAN but apparently the PCs that connect to us via VPN do not get it applied. All the VPN config was set up by vendor. I believe I am referring to PCs which connect via site-to-site VPN to our main office.
Not sure if it could be a DNS issue which brings me to something I would like to be clear on:
What is the difference (or use of) the network/DNS settings vs the network/interface settings?
In the former we have the default DNS servers in the latter we specified the internal LAN DNS servers
Thank you
You'll need to use your AD DNS servers for remote VPN clients if you want them to get GPO updates.
You can either use DNS Split Tunneling or better yet just configure the DNS servers in the VPN Client settings. You'll also likely need to add your domain suffix in the CLI as well:
config vpn ssl settings
    set dns-suffix 'yourdomain.com'
end
Thank you for replying!
I will try that. Could you please tell me what the difference is in configuring DNS settings in
Network/DNS vs Network/Interface? or when one is used vs the other?
Thank you
Network -> DNS:
Tells the FortiGate which DNS servers to use for its own connectivity (i.e. reaching FortiGuard servers, etc). Or, for endpoints using the FortiGate as a DNS resolver (configured in Network -> DNS servers)
Network/Interface:
I'm not too sure what you're referring to here. Perhaps the DNS server configured under the DHCP Server settings on the Interface? In this case, it's the DNS server assigned to endpoints that are using DHCP to get an IP address from the FortiGate.
Hello
Thank you for your reply. Yes, I was referring to the DHCP section. So for our remote office location what/where should their DNS settings look like? Should they have Network/DNS and specify our main office internal DNS servers? Or do they also need DHCP (DNS servers) configured pointing to our main office DNS servers?
Thanks
This is a network design question which depends on a lot of factors specific to your own environment. It's kind of over the scope of a Fortinet support forum.
However, yes, setting the DHCP scope of the remote office to include your main office DNS servers will work fine. Assuming of course you have connectivity from the remote office to the main office DNS servers. And keeping in mind you will not have any local DNS resolution if the WAN is down. Again this is a design question you need to consider for your own environment.
FortiGate can act as a DNS server and can use BIND secondaries to sync with your AD DNS for local resolution.
It can also forward on behalf of your clients to your main site DNS servers.
Lots of options. You just need to figure out your design first and then configure the FortiGate accordingly.