Tells the FortiGate which DNS servers to use for its own connectivity (i.e. reaching FortiGuard servers, etc). Or, for endpoints using the FortiGate as a DNS resolver (configured in Network -> DNS servers)
I'm not too sure what you're referring to here. Perhaps the DNS server configured under the DHCP Server settings on the Interface? In this case, it's the DNS server assigned to endpoints that are using DHCP to get an IP address from the FortiGate.
Thank you for your reply. Yes I was referring to the DHCP section. So for our relote office location what/where should their DNS settings look like? Should they have Network/DNS and specify our main office internal DNS servers? or do they also need DHCP (dns servers) configured pointing to our main office dns servers?
This is a network design question which depends on a lot of factors specific to your own environment. It's kind of over the scope of a Fortinet support forum.
However, yes, setting the DHCP scope of the remote office to include your main office DNS servers will work fine. Assuming of course you have connetivity from the remote office to the main office DNS servers. And keeping in mind you will not have any local DNS resolution if the WAN is down. Again this is a design question you need to consider for your own environment.
FortiGate can act as a DNS server and can use BIND secondaries to sync with your AD DNS for local resolution.
It can also forward on behalf of your clients to your main site DNS servers.
Lots of options. You just need to figure out your design first and then configure the FortiGate accordingly.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.