Hi, I'm having trouble with a Fortinet 100E which doesn't allow me to resolve DNS. I tried a few public and even private DNS servers and none of them work. I actually have a Fortinet 80C and it's fully functional. What I did was MANUALLY copy the whole rules, services, ports, static routes and everything, but the browser is still saying DNS_PROBE_FINISHED_BAD_CONFIG, so now I'm stuck
because the config is EXACTLY the same as my currently active 80C but doesn't work. Could anyone help me? :(
The Gate itself doesn't resolve DNS or devices behind the Gate don't resolve DNS?
Mike Pruett
When I use the CLI to ping the Google DNS IP it's OK, even on laptops behind the FW it's OK. I can't remember right now if the CLI resolves the name. We're in production where I work right now, so I'm going to test again later and will update. Thanks for your response!
Check config error in the CLI with "diag deb conf read".
It might not harm to re-enter the System DNS. After that, you should be able to "exec ping <name.com>" from the CLI.
If that is working but your hosts cannot resolve names: check that you have a DNS server defined for each interface with hosts (usually, "internal"). Activate the feature "DNS database" first, then click System > DNS server to define resolver on one or more interfaces. Use "forward to system DNS" if you don't use local DNS entries.
Saintzev wrote: "I actually have a Fortinet 80C and it's fully functional. What I did was MANUALLY copy the whole rules, services, ports, static routes and everything"
Single question. Are both Fortigates running the same level of code when you copied and pasted?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Well, I'm back. Thank you guys for your answers. Now I see the only way I get DNS resolution is by MANUALLY adding the DNS on my computer (any public DNS works), but I need a way to do it automatically. Besides this, the currently running Fortinet 80 does it right but the new one doesn't propagate the DNS, and in this new interface I can't see an option that helps me solve it.
What am I missing in this case?
You have not defined any DNS server on the 'internal' or 'lan' interface. Please check my last post.
This is an example of FortiGate 5.4 and there's no option to specify the DNS server, which 5.2 has. Is there a way to set it up through the CLI?
If that is working but your hosts cannot resolve names: check that you have a DNS server defined for each interface with hosts (usually, "internal"). Activate the feature "DNS database" first, then click System > DNS server to define resolver on one or more interfaces. Use "forward to system DNS" if you don't use local DNS entries.
Try that on a port with role "LAN" first, not on the 'wan1' port.
Well, if he did just copy the policies and routes and did not apply a complete backup, he should have at least seen if something failed. If you apply it as a script you get the status right afterwards and see if it worked or failed. (In case it failed you would need to run CLI debug log in a console and reapply the script on the GUI.) If you copy-paste to the CLI you see an error immediately when it occurs.
Probably he should post us his dns settings?
Or/and check what Mike wrote?
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams