Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
connect555
New Contributor

Created on ‎02-04-2016 12:24 AM

DNS Requests -> Forwarding Proxy

Hi, we´re switching from MS FTMG to FortiGate with Explicit Web Proxy and a "Web Proxy Forwarding Server". The MS FTMG sends all DNS-Request to the configured 'Upstream Proxy'. How can i configure this Option on a FortiGate? Opening a Website results in '504 DNS look up failed'. Using a local DNS-Server is not an Option. There is no Webfilter configured.

13127
0 Kudos
1 Solution
pavol_jaco
New Contributor II
In response to 40netter

Created on ‎09-20-2018 12:00 AM

I have opened ticket for this problem. Guess what... it is normal and as per design :)

Of coarse this is absolutely wrong design. You dont need to resolve anything via DNS when using proxy. As support said, this is simply not yet implemented feature in FortiOS.

View solution in original post

6199
0 Kudos
6 REPLIES 6
40netter
New Contributor

Created on ‎02-01-2018 05:16 AM

Does anybody have a solution to this. We have the exact same problem here. Even though the requests are meant to be forwarded to the parent proxies it seems like the Fortigate tries to do dns resolution on the hostnames, which, ofcourse, fails since the internal DNS server only knows about names in the lan. Any way of disabling dns resolution when forwarding requests would be really helpful.
6121
0 Kudos
pavol_jaco
New Contributor II
In response to 40netter

Created on ‎09-20-2018 12:00 AM

I have opened ticket for this problem. Guess what... it is normal and as per design :)

Of coarse this is absolutely wrong design. You dont need to resolve anything via DNS when using proxy. As support said, this is simply not yet implemented feature in FortiOS.

6200
0 Kudos
connect555
New Contributor
In response to pavol_jaco

Created on ‎04-22-2019 01:23 PM

Any update to this behavior?

FortiOS 6.2? mhmh?

6122
0 Kudos
sw2090
SuperUser
SuperUser

Created on ‎04-24-2019 06:32 AM

hm you could to two things:

 

a) set the FGT system DNS to your DNS Proxy. Enable DNS Databse Feature on your FGT and configure a DNS Forwarder on the FGT for the interface you need on.

b) let DHCP do it for you. Letzt the FGT be DHCP Server on the interface you need and set the DHCP Server to hand out the proxy as DNS to the Clients.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
6122
0 Kudos
fida_khan
New Contributor
In response to sw2090

Created on ‎07-11-2021 05:14 AM

Hi All,

 

has anyone found resolution to this issue? if yes then what was the fix as we are currently having the same issue.

 

Regards,

Fida

6122
0 Kudos
sw2090
SuperUser
SuperUser
In response to fida_khan

Created on ‎07-12-2021 01:06 AM

as said you can use the FGT as DNS Server for your clients and set the FGT to do DNS forwarding to your proxy.

DNS Forwarding on FortiOS can be configured per interface. The feater in gui is just not enabled by default. So enable "DNS Datbase" in Feature View to have it in gui.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
6122
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.