Hello friends,
I have the two following questions. Perhaps you can help me :-).
1. Is it possible to configure a specific DNS server for a specific internal domain?
I need to resolve internal FQDNs like abcde.internal-domain.com with a DNS server I would like to specify. The FortiGate firewall should then pass the DNS requests for this domain (for example abcde.internal-domain.com) to the DNS server which is responsible for this domain.
For external FQDNs (for example www.google.de) the DNS servers under "Network" --> "DNS Servers" should be used (for example 8.8.8.8 or 1.1.1.1).
2. Is it possible to configure one side of an IPsec site-to-site tunnel (FortiGate firewall on both sides) as "passive" and the other side as "active"? The goal is to establish an IPsec tunnel where one side is connected to an LTE connection (mobile network) and the other side is connected to a DSL connection (static IP address on the WAN interface). The FortiGate firewall on the LTE side should then be configured as the "active" side which initiates the tunnel, and the FortiGate firewall on the side with the DSL connection should be configured as "passive" (which "waits" for the incoming connection of the peer).
Can you help me with these questions? :)
Hello Datax_2502,
I would try to answer the questions by providing documentation:
1. Please check the following KB, master and slave FortiGate for a domain:
2. For this setup, you would need to configure IPsec tunnels with aggressive mode (for use of multiple tunnels on the same interface, you need to specify a peer ID). The FortiGate with the static IP will be configured in phase 1 with the option "remote gateway: dialup user" (in your case the passive one), while the FortiGate with the dynamic IP should use "remote gateway: static IP address" (the "active" FortiGate). Please check the documentation:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/6896/fortigate-as-dialup-client
Please let me know if the provided documentation helps.
Regards,
Hi anikolov,
Sorry for my late response.
Thanks a lot for your information. :)
But I still don't understand how to configure the DNS server on the FortiGate firewall to resolve external hosts with 8.8.8.8 and the hosts of my internal domain with the DNS server of my Active Directory.
Could you give an example for that? Or is there any website where I can look up how to configure this setup?
Best Regards
Datax
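As an added illustration of the split-DNS setup asked about above (this is not part of the thread and not Fortinet's own example): a FortiOS CLI fragment that forwards the internal zone to an assumed AD DNS server while everything else goes to the system DNS servers. The AD server address 10.10.10.5, the LAN interface name "port2" and the zone name are constructed placeholders; the keyword names follow FortiOS 7.x (older releases use master/slave instead of primary/secondary), and the exact options should be checked against the CLI reference for the firmware in use.

```text
# Assumed values, not from the thread: AD DNS server 10.10.10.5,
# LAN interface "port2", internal zone internal-domain.com.

# System DNS servers: used for every name that does not match a zone below
config system dns
    set primary 8.8.8.8
    set secondary 1.1.1.1
end

# Shadow zone with a forwarder: queries for *.internal-domain.com that reach
# the FortiGate's DNS service are forwarded to the AD DNS server instead of
# being sent to the system DNS servers. "authoritative disable" lets the
# FortiGate forward names it has no local record for rather than answering
# NXDOMAIN itself.
config system dns-database
    edit "internal-domain"
        set domain "internal-domain.com"
        set type primary
        set view shadow
        set authoritative disable
        set forwarder "10.10.10.5"
    next
end

# Enable the DNS service on the LAN interface so that clients can use the
# FortiGate as their resolver. Names in a configured zone use that zone's
# forwarder; all other names are resolved via the system DNS servers.
config system dns-server
    edit "port2"
        set mode recursive
    next
end
```

Point the LAN clients at the FortiGate's port2 address as their DNS server and verify with nslookup against it: abcde.internal-domain.com should return the AD record, while www.google.de should still resolve through 8.8.8.8.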