We have a FortiGate v7.0.7 and we dial into the company via VPN from Windows, Mac, Android, iPad, iPhone.
An internal DNS server is specified in the SSL VPN settings. There are different zones/domains in our internal DNS.
myfirma.lo (that's the name from our internal AD)
If we make a VPN connection (with FortiClient) from Windows, Mac or Android, all these zones/domains can be resolved to IP addresses. I test that with ping or nslookup.
No matter what I take, I get an IP address back everywhere.
From iPad and iPhone (also with FortiClient) just the zone myfirma.lo works. All other zones/domains cannot be resolved.
If I ping, for example
I get "Can't resolve host"
So I think that's a problem with iOS.
What can I do?
The solution is to store DNS suffixes in the SSL VPN settings. This only works via the CLI:

    config vpn ssl settings
        set dns-suffix myfirma.lo;somethingother.de
    end
I found out with a packet filter that no DNS requests are sent into the tunnel, except for the domain myfirma.lo.
And myfirma.lo is, as I said, the name of our internal Windows domain.
That cannot be a coincidence.
And again, as I mentioned before, this only applies to iOS (iPad, iPhone). With Windows/Android/Mac everything works as desired.
Copyright 2023 Fortinet, Inc. All Rights Reserved.