Hey
I have an IPSEC VPN LAN-LAN up and running, but I can't ping other servers on the other side by name... I can only ping by IP.
I tried to follow the tech note below, but the command SET DOMAIN is not available on my FORTIGATE 7.0.3
https://community.fortinet.com/t5/FortiGate/Technical-Note-DNS-resolution-over-IPsec-SSL-VPN/ta-p/19...
How can I resolve names across IPSEC VPN?
Hi Lmelim,
As per KB: The set domain command will be available only when mode-cfg is enabled.
Hence, you may need to "set mode-cfg enable" first
Hey
Even after issuing the command SET MODE-CFG ENABLE, the SET DOMAIN command is not available.
Is this command only available for remote IPSEC VPN, or is it also available for SITE TO SITE IPSEC VPN?
I can't make my DNS resolution work.
The respective configuration only works for a Dynamic VPN tunnel. If you have a Site-to-Site VPN configuration, it is not possible to set the domain. From where do you want to ping the remote site server? If it is the FortiGate, you can change the DNS setting in FortiGate; if you are trying to ping from the internal hosts, you can check whether they are configured with an internal DNS server that can resolve the server name on the remote network.
Hey
I found the solution.
It was the DNS Filter activated on the VPN FIREWALL RULE that somehow was blocking the DNS response...
Once it was disabled, the DNS resolution started to work fine.